Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-41411
Vulnerability from cvelistv5
Published
2022-06-16 09:52
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/kiegroup/drools/pull/3808 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kiegroup/drools/pull/3808 | Patch, Third Party Advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:32.436Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/kiegroup/drools/pull/3808", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-16T09:52:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/kiegroup/drools/pull/3808", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41411", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kiegroup/drools/pull/3808", refsource: "MISC", url: "https://github.com/kiegroup/drools/pull/3808", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41411", datePublished: "2022-06-16T09:52:01", dateReserved: "2021-09-20T00:00:00", dateUpdated: "2024-08-04T03:08:32.436Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:drools:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.6.0\", \"matchCriteriaId\": \"C458C22F-C819-46F2-BF73-C9D0D6AAA2CE\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.\"}, {\"lang\": \"es\", \"value\": \"drools versiones anteriores a7.59.x incluy\\u00e9ndola, est\\u00e1 afectado por una vulnerabilidad de tipo XML External Entity (XXE) en KieModuleMarshaller.java. La clase Validator no es usada correctamente, resultando en una vulnerabilidad de inyecci\\u00f3n XXE\"}]", id: "CVE-2021-41411", lastModified: "2024-11-21T06:26:13.040", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2022-06-16T10:15:09.007", references: "[{\"url\": \"https://github.com/kiegroup/drools/pull/3808\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/kiegroup/drools/pull/3808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2021-41411\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-06-16T10:15:09.007\",\"lastModified\":\"2024-11-21T06:26:13.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.\"},{\"lang\":\"es\",\"value\":\"drools versiones anteriores a7.59.x incluyéndola, está afectado por una vulnerabilidad de tipo XML External Entity (XXE) en KieModuleMarshaller.java. La clase Validator no es usada correctamente, resultando en una vulnerabilidad de inyección XXE\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:drools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.6.0\",\"matchCriteriaId\":\"C458C22F-C819-46F2-BF73-C9D0D6AAA2CE\"}]}]}],\"references\":[{\"url\":\"https://github.com/kiegroup/drools/pull/3808\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kiegroup/drools/pull/3808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}", }, }
wid-sec-w-2023-0138
Vulnerability from csaf_certbund
Published
2023-01-17 23:00
Modified
2023-01-17 23:00
Summary
Oracle Communications Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0138 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0138.json", }, { category: "self", summary: "WID-SEC-2023-0138 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0138", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Communications Applications vom 2023-01-17", url: "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixCAGBU", }, ], source_lang: "en-US", title: "Oracle Communications Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-01-17T23:00:00.000+00:00", generator: { date: "2024-08-15T17:41:52.626+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0138", initial_release_date: "2023-01-17T23:00:00.000+00:00", revision_history: [ { date: "2023-01-17T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications Applications 6.3.1", product: { name: "Oracle Communications Applications 6.3.1", product_id: "T018935", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.3.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0", product: { name: "Oracle Communications Applications 7.4.0", product_id: "T018938", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1", product: { name: "Oracle Communications Applications 7.4.1", product_id: "T018939", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 7.4.2", product: { name: "Oracle Communications Applications <= 7.4.2", product_id: "T018940", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.6.0", product: { name: "Oracle Communications Applications 8.0.0.6.0", product_id: "T020662", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.5.0", product: { name: "Oracle Communications Applications 7.5.0", product_id: "T021639", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 10.0.1.6.0", product: { name: "Oracle Communications Applications 10.0.1.6.0", product_id: "T024967", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:10.0.1.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.7.0", product: { name: "Oracle Communications Applications <= 12.0.0.7.0", product_id: "T024968", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.9", product: { name: "Oracle Communications Applications <= 5.5.9", product_id: "T025857", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.9", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 6.0.1", product: { name: "Oracle Communications Applications <= 6.0.1", product_id: "T025858", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.0.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 3.0.3.1.0", product: { name: "Oracle Communications Applications 3.0.3.1.0", product_id: "T025859", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:3.0.3.1.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.7.0", product: { name: "Oracle Communications Applications 8.0.0.7.0", product_id: "T025860", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.1.0.20.0", product: { name: "Oracle Communications Applications 8.1.0.20.0", product_id: "T025861", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.1.0.20.0", }, }, }, ], category: "product_name", name: "Communications Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21848", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21848", }, { cve: "CVE-2023-21824", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21824", }, { cve: "CVE-2022-42889", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42889", }, { cve: "CVE-2022-42252", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42252", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-39271", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-39271", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-37454", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-37454", }, { cve: "CVE-2022-36055", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-36055", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-34917", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-34917", }, { cve: "CVE-2022-33980", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-33980", }, { cve: "CVE-2022-32212", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-32212", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-30126", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-30126", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-22978", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22978", }, { cve: "CVE-2022-22971", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22971", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2021-41411", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-41411", }, { cve: "CVE-2020-16156", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2020-16156", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2019-17571", }, ], }
wid-sec-w-2022-1476
Vulnerability from csaf_certbund
Published
2022-09-19 22:00
Modified
2023-03-02 23:00
Summary
SUSE Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SUSE Manager basiert auf Spacewalk, welche die Codebase vom Red Hat
Satellite Server nutzt und ermöglicht ein zentrale Systemmanagement von Linux-Umgebungen.
Angriff
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in SUSE Manager ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuführen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "SUSE Manager basiert auf Spacewalk, welche die Codebase vom Red Hat\r\nSatellite Server nutzt und ermöglicht ein zentrale Systemmanagement von Linux-Umgebungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in SUSE Manager ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuführen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1476 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1476.json", }, { category: "self", summary: "WID-SEC-2022-1476 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1476", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0593-1 vom 2023-03-02", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-March/013958.html", }, { category: "external", summary: "SUSE Security Advisory vom 2022-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012289.html", }, { category: "external", summary: "SUSE Security Advisory vom 2022-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012286.html", }, { category: "external", summary: "SUSE Security Advisory vom 2022-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012291.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3761-1 vom 2022-10-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3750-1 vom 2022-10-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012690.html", }, ], source_lang: "en-US", title: "SUSE Manager: Mehrere Schwachstellen", tracking: { current_release_date: "2023-03-02T23:00:00.000+00:00", generator: { date: "2024-08-15T17:35:26.337+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1476", initial_release_date: "2022-09-19T22:00:00.000+00:00", revision_history: [ { date: "2022-09-19T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-10-26T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-03-02T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE Manager < 4.2.9", product: { name: "SUSE Manager < 4.2.9", product_id: "T024662", product_identification_helper: { cpe: "cpe:/a:suse:manager:4.2.9", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2021-41411", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente drools aufgrund einer XML External Entity (XXE) Schwachstelle in KieModuleMarshaller.java. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2021-41411", }, { cve: "CVE-2021-42740", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Node.js aufgrund einer Befehlsinjektion. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er durch eine Regex, die für die Unterstützung von Windows-Laufwerksbuchstaben entwickelt wurde, uneingescapte Shell-Metazeichen einfügt, um beliebigen Code auszuführen.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2021-42740", }, { cve: "CVE-2021-43138", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Async in der mapValues()-Methode aufgrund einer Prototypenverschmutzung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2021-43138", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Moment aufgrund eines ineffizienten Parsing-Algorithmus. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er Eingaben mit mehr als 10k Zeichen übermittelt, um einen Denial-of-Service-Zustand auszulösen.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2022-31129", }, ], }
WID-SEC-W-2023-0138
Vulnerability from csaf_certbund
Published
2023-01-17 23:00
Modified
2023-01-17 23:00
Summary
Oracle Communications Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Communications Applications umfasst eine Sammlung von Werkzeugen zur Verwaltung von Messaging-, Kommunikationsdiensten und -ressourcen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0138 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0138.json", }, { category: "self", summary: "WID-SEC-2023-0138 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0138", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Communications Applications vom 2023-01-17", url: "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixCAGBU", }, ], source_lang: "en-US", title: "Oracle Communications Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2023-01-17T23:00:00.000+00:00", generator: { date: "2024-08-15T17:41:52.626+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0138", initial_release_date: "2023-01-17T23:00:00.000+00:00", revision_history: [ { date: "2023-01-17T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Oracle Communications Applications 6.3.1", product: { name: "Oracle Communications Applications 6.3.1", product_id: "T018935", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.3.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.0", product: { name: "Oracle Communications Applications 7.4.0", product_id: "T018938", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.4.1", product: { name: "Oracle Communications Applications 7.4.1", product_id: "T018939", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 7.4.2", product: { name: "Oracle Communications Applications <= 7.4.2", product_id: "T018940", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.4.2", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.6.0", product: { name: "Oracle Communications Applications 8.0.0.6.0", product_id: "T020662", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 7.5.0", product: { name: "Oracle Communications Applications 7.5.0", product_id: "T021639", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:7.5.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 10.0.1.6.0", product: { name: "Oracle Communications Applications 10.0.1.6.0", product_id: "T024967", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:10.0.1.6.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 12.0.0.7.0", product: { name: "Oracle Communications Applications <= 12.0.0.7.0", product_id: "T024968", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:12.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 5.5.9", product: { name: "Oracle Communications Applications <= 5.5.9", product_id: "T025857", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:5.5.9", }, }, }, { category: "product_name", name: "Oracle Communications Applications <= 6.0.1", product: { name: "Oracle Communications Applications <= 6.0.1", product_id: "T025858", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:6.0.1", }, }, }, { category: "product_name", name: "Oracle Communications Applications 3.0.3.1.0", product: { name: "Oracle Communications Applications 3.0.3.1.0", product_id: "T025859", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:3.0.3.1.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.0.0.7.0", product: { name: "Oracle Communications Applications 8.0.0.7.0", product_id: "T025860", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.0.0.7.0", }, }, }, { category: "product_name", name: "Oracle Communications Applications 8.1.0.20.0", product: { name: "Oracle Communications Applications 8.1.0.20.0", product_id: "T025861", product_identification_helper: { cpe: "cpe:/a:oracle:communications_applications:8.1.0.20.0", }, }, }, ], category: "product_name", name: "Communications Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21848", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21848", }, { cve: "CVE-2023-21824", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2023-21824", }, { cve: "CVE-2022-42889", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42889", }, { cve: "CVE-2022-42252", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42252", }, { cve: "CVE-2022-42003", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-42003", }, { cve: "CVE-2022-41720", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-41720", }, { cve: "CVE-2022-40150", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40150", }, { cve: "CVE-2022-40146", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-40146", }, { cve: "CVE-2022-39271", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-39271", }, { cve: "CVE-2022-38752", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-38752", }, { cve: "CVE-2022-37454", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-37454", }, { cve: "CVE-2022-36055", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-36055", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-34917", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-34917", }, { cve: "CVE-2022-33980", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-33980", }, { cve: "CVE-2022-32212", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-32212", }, { cve: "CVE-2022-3171", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-3171", }, { cve: "CVE-2022-31692", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-31692", }, { cve: "CVE-2022-30126", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-30126", }, { cve: "CVE-2022-25857", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25857", }, { cve: "CVE-2022-25647", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-25647", }, { cve: "CVE-2022-22978", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22978", }, { cve: "CVE-2022-22971", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2022-22971", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2021-41411", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2021-41411", }, { cve: "CVE-2020-16156", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2020-16156", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In Oracle Communications Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T025859", "T024967", "T020662", "T018935", "T025861", "T021639", "T018938", "T018939", "T025860", ], last_affected: [ "T024968", "T025858", "T018940", "T025857", ], }, release_date: "2023-01-17T23:00:00.000+00:00", title: "CVE-2019-17571", }, ], }
WID-SEC-W-2022-1476
Vulnerability from csaf_certbund
Published
2022-09-19 22:00
Modified
2023-03-02 23:00
Summary
SUSE Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SUSE Manager basiert auf Spacewalk, welche die Codebase vom Red Hat
Satellite Server nutzt und ermöglicht ein zentrale Systemmanagement von Linux-Umgebungen.
Angriff
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in SUSE Manager ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuführen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "SUSE Manager basiert auf Spacewalk, welche die Codebase vom Red Hat\r\nSatellite Server nutzt und ermöglicht ein zentrale Systemmanagement von Linux-Umgebungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in SUSE Manager ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuführen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1476 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1476.json", }, { category: "self", summary: "WID-SEC-2022-1476 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1476", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0593-1 vom 2023-03-02", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-March/013958.html", }, { category: "external", summary: "SUSE Security Advisory vom 2022-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012289.html", }, { category: "external", summary: "SUSE Security Advisory vom 2022-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012286.html", }, { category: "external", summary: "SUSE Security Advisory vom 2022-09-19", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012291.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3761-1 vom 2022-10-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3750-1 vom 2022-10-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012690.html", }, ], source_lang: "en-US", title: "SUSE Manager: Mehrere Schwachstellen", tracking: { current_release_date: "2023-03-02T23:00:00.000+00:00", generator: { date: "2024-08-15T17:35:26.337+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1476", initial_release_date: "2022-09-19T22:00:00.000+00:00", revision_history: [ { date: "2022-09-19T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-10-26T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-03-02T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE Manager < 4.2.9", product: { name: "SUSE Manager < 4.2.9", product_id: "T024662", product_identification_helper: { cpe: "cpe:/a:suse:manager:4.2.9", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2021-41411", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente drools aufgrund einer XML External Entity (XXE) Schwachstelle in KieModuleMarshaller.java. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2021-41411", }, { cve: "CVE-2021-42740", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Node.js aufgrund einer Befehlsinjektion. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er durch eine Regex, die für die Unterstützung von Windows-Laufwerksbuchstaben entwickelt wurde, uneingescapte Shell-Metazeichen einfügt, um beliebigen Code auszuführen.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2021-42740", }, { cve: "CVE-2021-43138", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Async in der mapValues()-Methode aufgrund einer Prototypenverschmutzung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2021-43138", }, { cve: "CVE-2022-31129", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Moment aufgrund eines ineffizienten Parsing-Algorithmus. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er Eingaben mit mehr als 10k Zeichen übermittelt, um einen Denial-of-Service-Zustand auszulösen.", }, ], product_status: { known_affected: [ "T002207", ], }, release_date: "2022-09-19T22:00:00.000+00:00", title: "CVE-2022-31129", }, ], }
suse-su-2022:3750-1
Vulnerability from csaf_suse
Published
2022-10-26 08:45
Modified
2022-10-26 08:45
Summary
Security update for SUSE Manager Server 4.3
Notes
Title of the patch
Security update for SUSE Manager Server 4.3
Description of the patch
This update fixes the following issues:
cobbler:
- Consider case of 'next_server' being a hostname during migration of Cobbler collections.
- Fix problem with 'proxy_url_ext' setting being None type.
- Fix settings migration schema to work while upgrading on existing running
Uyuni and SUSE Manager servers running with old Cobbler settings (bsc#1203478)
- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing running buildiso in certain conditions.
- Fix issue that a custom kernel with the extension '.kernel' is not
accepted by 'cobbler distro add'
- Fix issue with 'get_item_resolved_value' that prevented it from
returning in cases where a complex object would have been returned
- Fix issue where the logs would have been spammed with 'grab_tree'
messages that are meant for debugging
- Buildiso - Fix DNS append line generation
- Change apache2 conf dir for SUSE distros to allow integration with
Uyuni and SUSE Manager
- Avoid permissions errors during cobbler sync
- Update to version 3.3.3
- Add UEFI capabilities to 'cobbler buildiso' (jsc#SUMA-112)
- Relevant changes on this release:
* New:
* Uyuni Proxies can now be set with the schema validation.
* Cobbler should now build on AlmaLinux.
* The initrd is not required anymore as it is an optional file.
* XML-RPC: Added dump_vars endpoint. This is intended to replace get_blended_data as of 3.4.0.
* XML-RPC: Added get_item_resolved_value & set_item_resolved_value endpoints.
* Breaking Changes:
* The field virt_file_size is now a float and the related settings as well.
* Changes:
* The error messages for duplicated objects now contains the name of the duplicated object.
* Bugfixes:
* Dictionaries had the wrong value set for <<inherit>>.
* There were some cases in which the autoinstallation manager was handed the wrong object and then crashed.
* The inheritance of the owners field was fixed.
* Serial Console options should not contain bogous -1 value anymore.
* HTTP API should not throw permission errors anymore.
* During build the log was not visible due to a custom logger without output.
* cobbler mkloaders now also copies dependencies of menu.c32.
* We now generate the grub configuration for the architectures correct again.
* virt_file_size now is a float at all times.
* Cobbler should restart successfully now if you have attached an image to a system.
* If you have a system named default the bootloader was not removed properly before.
* cobbler buildiso: The isolinux.cfg was not properly formatted.
* There were unharmful templating errors in the log related to redhat_management_type. The parts depending on this
were removed.
* The DNS managers were non-functional before because of a not existing function call.
* cobbler buildiso failed with --tmpdirs that don't end in buildiso.
* cobbler buildiso had outdated docs and help messages for some parameters.
* cobbler import: It was impossible to import Rocky Linux 8.5 successfully.
* Cobbler created duplicated settings files before.
* cobbler sync was broken by refactoring to shell=False before.
- CVE-2022-0860: Improper Authorization in Cobbler. (bsc#1197027)
- Version 3.3.0 fixed jsc#SUMA-112
- Update to version 3.3.2
* cobbler sync doesn't have to be executed no more after enable_ipxe was flipped
* Auth: Support for Global Secure Catalog via LDAP provider
* Reposync now deletes old metadata to prevent metadata merge conflicts
* The automigration of the settings is now not enabled per default.
* We removed ppc from RedHat EL 7 as it is not supported
* Network interface is not subscriptable errors were fixed
* The stacktraces related to the package and file pre & post triggers should no longer appear
* You should be able to add multiple initrds if needed again
* Debian: Fix regex for SHIM_FILE which now provides a working reasonable default
drools:
- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java (bsc#1200629)
image-sync-formula:
- Update to version 0.1.1661440542.6cbe0da
* Sort boot images by version instead of name-version (bsc#1196729)
* Do not send events if syncing fails
inter-server-sync:
* Compress exported sql data and decompress during import
* Add gzip dependency to decompress data file during import process
locale-formula:
- Update to version 0.3
* Remove .map.gz from kb_map dictionary (bsc#1203406)
python-urlgrabber:
- Avoid crashing when setting URLGRABBER_DEBUG=1 environment variable
reprepro:
- Update from version 5.3.0 to version 5.4.0
* Add shunit2 based tests
* Support multiple versions
* Add the commands move, movesrc, movematched, movefilter
* Add Limit and Archive option
* fix manpage to add the behaviour if reprepro is linked against liblzma
* Mark 'dumpcontents' command as deprecated
saltboot-formula:
- Update to version 0.1.1661440542.6cbe0da
* Fallback to local boot if the configured image is not synced
* Support salt bundle
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-admin:
- Version 4.3.10-1
* Ensure 'cobbler mkloaders' is executed after restarting services
* Add --help option to mgr-monitoring-ctl
* reportdb access: force new report_db_sslrootcert if previous default is set
spacewalk-backend:
- Version 4.3.16-1
* Prevent mixing credentials for proxy and repository server
while using basic authentication and avoid hiding errors
i.e. timeouts while having proxy settings issues
with extra logging in verbose mode (bsc#1201788)
* Fix the condition of hiding the token from URL on logging
* export armored GPG key to salt filesystem as well
* Upgrade Cobbler requirement to 3.3.3 or later
* Make reposync use the configured http proxy with mirrorlist (bsc#1198168)
spacewalk-certs-tools:
- Version 4.3.15-1
* fix mgr-ssl-cert-setup for root CAs which do not set authorityKeyIdentifier (bsc#1203585)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
spacewalk-java:
- version 4.3.38-1
* delay hardware refresh action to avoid missing channels (bsc#1204208)
- Version 4.3.37-1
* Fix get_item_resolved_value call
- Version 4.3.36-1
* Fix prerequisite action serialization (bsc#1202899, bsc#1203484)
* Fix hardware update where there is no DNS FQDN changes (bsc#1203611)
* Fix UI crash when filtering on systems list (bsc#1203169)
* Filter out successors that have no repositories on SP migration (bsc#1202367)
* Reduced the usage of deprecated Hibernate API
* Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
* Support Pay-as-you-go new CA location for SUSE Linux Enterprise Server 15 SP4 and higher (bsc#1202729)
* Fixed pagination for completed/failed systems in action details
* Add support in rhn.conf for smtp port, auth, ssl/tls config
* Calculate dependencies between cloned channels of vendor channels (bsc#1201626)
* Fix sync for external repositories (bsc#1201753)
* Detect the clients running on Amazon EC2 (bsc#1195624)
* Adjust cobbler requirement to version 3.3.3
* Support inherited values for kernel options from Cobbler API
* Fix virtFileSize type after cobbler upgrade
* Redefine available power_management.types for cobbler >= 3.3.1
* fix state.apply result parsing in test mode (bsc#1201913)
* require tomcat native interface to prevent misleading warning
in tomcat startup log (bsc#1202455)
* Reduce the length of image channel URL (bsc#1201220)
* Fixed formula deselection in systemgroup (bsc#1202271)
* Added a new configuration property to allow custom channels to
be synced together with vendor channels.
* add onlyRelevant argument to addErrataUpdate API
* fix taskomatic task remain in progress
spacewalk-search:
- Version 4.3.7-1
* update dependencies after package rename
spacewalk-setup:
- version 4.3.12
* Fix detected issues to perform migration of Cobbler settings
and collections.
- Version 4.3.11-1
* Trigger migration of Cobbler settings and collections if necessary
during package installation (bsc#1203478)
* Execute 'cobbler mkloaders' when setting up cobbler
* Adjust next_server cobbler settings for cobbler >= 3.3.1
* fix prototype missmatch in idn_to_ascii (bsc#1203385)
spacewalk-utils:
- Version 4.3.14-1
* Make spacewalk-hostname-rename working with settings.yaml cobbler config file (bsc#1203564)
* spacewalk-common-channels now syncs the channels automatically
on creation, if the new configuration property named
'unify_custom_channel_management' is enabled
spacewalk-web:
- Version 4.3.24-1
* Upgrade moment-timezone
* CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480)
* CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287)
* CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)
* Fix table header layout for unselectable tables
subscription-matcher:
- Added Guava maximum version requirement
susemanager:
- Version 4.3.19-1
* mark new dependencies for python-py optional in bootstrap repo
to fix generation for older service packs (bsc#1203449)
* add bootstrap repository definition for OES2023 (bsc#1202602)
* add missing packages on SUSE Linux Enterprise Server 15
* remove server-migrator.sh from SUSE Manager installations (bsc#1202728)
* create bootstrap repository data for Ubuntu 22.04 Vendor Channels
* remove obsoleted sysv init script (bsc#1191857)
* mgr-create-bootstrap-repo: flush directory also when called
for a specific label (bsc#1200573)
* pg-migrate-x-to-y.sh: improve output (bsc#1201260)
* remove python-tornado from bootstrap repo, since no longer
required for salt version >= 3000
* add missing packages on SUSE Linux Enterprise Server 12 SP5 bootstrap repo (bsc#1201918)
* revert 'bootstrap repo: set optional packages'
susemanager-build-keys:
- Add release and auxiliary GPG keys for RedHat
- Add keys for Rocky Linux 9
* RPM-GPG-KEY-redhat-release
* RPM-GPG-KEY-redhat-auxiliary
* RPM-GPG-KEY-Rocky-9
susemanager-docs_en:
- Removed Debian 9 references due to end of life and added missing Debian 11 info
- Fixed description of default notification settings (bsc#1203422)
- Added missing Debian 11 references
- Documented helm deployment of the proxy on k3s and MetalLB in
Installation and Upgrade Guide
- Added secure mail communication settings in Administration Guide
- Fixed path to state and pillar files
- Documented how pxeboot works with Secure Boot enabled in Client
Configuration Guide
- Add repository via proxy issues troubleshooting page
- Change import GPG key description
- Added SLE Micro 5.2 and 5.3 as available as a technology preview
in Client Configuration Guide, and the IBM Z architecture for 5.1,
5.2, and 5.3
- Added command to remove the obsolete Python module on SUSE Manager
Server 4.1 in the Installation and Upgrade Guide (bsc#1203026)
- Mention CA certificate directory in the proxy setup description in the
Installation and Upgrade Guide (bsc#1202805)
- Documented mandatory channels in the Disconnected Setup chapter of the
Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
regular user
- Documented how to onboard Debian clients with the Salt bundle or
plain Salt as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp
(bsc#1201210)
- Added Extend Salt Bundle functionality with Python packages using pip
- Salt Configuration Modules are no longer Technology Preview in
the Salt Guide
susemanager-schema:
- Version 4.3.14-1
* Add subtypes for Amazon EC2 virtual instances (bsc#1195624)
* Fix migration of image actions (bsc#1202272)
* improve schema compatibility with Amazon RDS
susemanager-sls:
- Version 4.3.25-1
* Fix mgrnet availability check
* Remove dependence on Kiwi libraries
* disable always the bootstrap repository also when
'mgr_disable_local_repos' is set to False
* Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
* fix syntax error - remove trailing colon (bsc#1203049)
* Add mgrnet salt module with mgrnet.dns_fqnd function implementation
allowing to get all possible FQDNs from DNS (bsc#1199726)
* Copy grains file with util.mgr_switch_to_venv_minion state apply (bsc#1203056)
* Remove the message 'rpm: command not found' on using Salt SSH
with Debian based systems which has no Salt Bundle
susemanager-sync-data:
- Version 4.3.9-1
* add oes2023 (bsc#1202602)
* add Ubuntu 22.04 amd64
susemanager-tftpsync:
- Version 4.3.2-1
* Adjust sync_post_tftpd_proxies module to cobbler >= 3.3.1
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
uyuni-reportdb-schema:
- Version 4.3.6-1
* improve schema compatibility with Amazon RDS
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
`spacewalk-service start`
Patchnames
SUSE-2022-3750,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3750,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3750
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Server 4.3", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\ncobbler:\n\n- Consider case of 'next_server' being a hostname during migration of Cobbler collections.\n- Fix problem with 'proxy_url_ext' setting being None type.\n- Fix settings migration schema to work while upgrading on existing running\n Uyuni and SUSE Manager servers running with old Cobbler settings (bsc#1203478)\n- Do generate boot menus even if no profiles or systems - only local boot\n- Avoid crashing running buildiso in certain conditions.\n- Fix issue that a custom kernel with the extension '.kernel' is not\n accepted by 'cobbler distro add'\n- Fix issue with 'get_item_resolved_value' that prevented it from\n returning in cases where a complex object would have been returned\n- Fix issue where the logs would have been spammed with 'grab_tree'\n messages that are meant for debugging\n- Buildiso - Fix DNS append line generation\n- Change apache2 conf dir for SUSE distros to allow integration with\n Uyuni and SUSE Manager\n- Avoid permissions errors during cobbler sync\n- Update to version 3.3.3\n- Add UEFI capabilities to 'cobbler buildiso' (jsc#SUMA-112)\n- Relevant changes on this release:\n * New:\n * Uyuni Proxies can now be set with the schema validation.\n * Cobbler should now build on AlmaLinux.\n * The initrd is not required anymore as it is an optional file.\n * XML-RPC: Added dump_vars endpoint. This is intended to replace get_blended_data as of 3.4.0.\n * XML-RPC: Added get_item_resolved_value & set_item_resolved_value endpoints.\n * Breaking Changes:\n * The field virt_file_size is now a float and the related settings as well.\n * Changes:\n * The error messages for duplicated objects now contains the name of the duplicated object.\n * Bugfixes:\n * Dictionaries had the wrong value set for <<inherit>>.\n * There were some cases in which the autoinstallation manager was handed the wrong object and then crashed.\n * The inheritance of the owners field was fixed.\n * Serial Console options should not contain bogous -1 value anymore.\n * HTTP API should not throw permission errors anymore.\n * During build the log was not visible due to a custom logger without output.\n * cobbler mkloaders now also copies dependencies of menu.c32.\n * We now generate the grub configuration for the architectures correct again.\n * virt_file_size now is a float at all times.\n * Cobbler should restart successfully now if you have attached an image to a system.\n * If you have a system named default the bootloader was not removed properly before.\n * cobbler buildiso: The isolinux.cfg was not properly formatted.\n * There were unharmful templating errors in the log related to redhat_management_type. The parts depending on this\n were removed.\n * The DNS managers were non-functional before because of a not existing function call.\n * cobbler buildiso failed with --tmpdirs that don't end in buildiso.\n * cobbler buildiso had outdated docs and help messages for some parameters.\n * cobbler import: It was impossible to import Rocky Linux 8.5 successfully.\n * Cobbler created duplicated settings files before.\n * cobbler sync was broken by refactoring to shell=False before.\n- CVE-2022-0860: Improper Authorization in Cobbler. (bsc#1197027)\n- Version 3.3.0 fixed jsc#SUMA-112\n- Update to version 3.3.2\n * cobbler sync doesn't have to be executed no more after enable_ipxe was flipped\n * Auth: Support for Global Secure Catalog via LDAP provider\n * Reposync now deletes old metadata to prevent metadata merge conflicts\n * The automigration of the settings is now not enabled per default.\n * We removed ppc from RedHat EL 7 as it is not supported\n * Network interface is not subscriptable errors were fixed\n * The stacktraces related to the package and file pre & post triggers should no longer appear\n * You should be able to add multiple initrds if needed again\n * Debian: Fix regex for SHIM_FILE which now provides a working reasonable default\n\ndrools:\n\n- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java (bsc#1200629)\n\nimage-sync-formula:\n\n- Update to version 0.1.1661440542.6cbe0da\n * Sort boot images by version instead of name-version (bsc#1196729)\n * Do not send events if syncing fails\n\ninter-server-sync:\n\n * Compress exported sql data and decompress during import\n * Add gzip dependency to decompress data file during import process\n\nlocale-formula:\n\n- Update to version 0.3\n * Remove .map.gz from kb_map dictionary (bsc#1203406)\n\npython-urlgrabber:\n\n- Avoid crashing when setting URLGRABBER_DEBUG=1 environment variable\n\nreprepro:\n\n- Update from version 5.3.0 to version 5.4.0\n * Add shunit2 based tests \n * Support multiple versions\n * Add the commands move, movesrc, movematched, movefilter\n * Add Limit and Archive option\n * fix manpage to add the behaviour if reprepro is linked against liblzma\n * Mark 'dumpcontents' command as deprecated\n\nsaltboot-formula:\n\n- Update to version 0.1.1661440542.6cbe0da \n * Fallback to local boot if the configured image is not synced\n * Support salt bundle\n\nspacecmd:\n\n- Version 4.3.15-1\n * Process date values in spacecmd api calls (bsc#1198903)\n\nspacewalk-admin:\n\n- Version 4.3.10-1\n * Ensure 'cobbler mkloaders' is executed after restarting services\n * Add --help option to mgr-monitoring-ctl\n * reportdb access: force new report_db_sslrootcert if previous default is set\n\nspacewalk-backend:\n\n- Version 4.3.16-1\n * Prevent mixing credentials for proxy and repository server\n while using basic authentication and avoid hiding errors\n i.e. timeouts while having proxy settings issues\n with extra logging in verbose mode (bsc#1201788)\n * Fix the condition of hiding the token from URL on logging\n * export armored GPG key to salt filesystem as well\n * Upgrade Cobbler requirement to 3.3.3 or later\n * Make reposync use the configured http proxy with mirrorlist (bsc#1198168)\n\nspacewalk-certs-tools:\n\n- Version 4.3.15-1\n * fix mgr-ssl-cert-setup for root CAs which do not set authorityKeyIdentifier (bsc#1203585)\n\nspacewalk-client-tools:\n\n- Version 4.3.12-1\n * Update translation strings\n\nspacewalk-java:\n \n- version 4.3.38-1\n * delay hardware refresh action to avoid missing channels (bsc#1204208)\n- Version 4.3.37-1 \n * Fix get_item_resolved_value call\n- Version 4.3.36-1\n * Fix prerequisite action serialization (bsc#1202899, bsc#1203484)\n * Fix hardware update where there is no DNS FQDN changes (bsc#1203611)\n * Fix UI crash when filtering on systems list (bsc#1203169)\n * Filter out successors that have no repositories on SP migration (bsc#1202367)\n * Reduced the usage of deprecated Hibernate API\n * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)\n * Support Pay-as-you-go new CA location for SUSE Linux Enterprise Server 15 SP4 and higher (bsc#1202729)\n * Fixed pagination for completed/failed systems in action details\n * Add support in rhn.conf for smtp port, auth, ssl/tls config\n * Calculate dependencies between cloned channels of vendor channels (bsc#1201626)\n * Fix sync for external repositories (bsc#1201753)\n * Detect the clients running on Amazon EC2 (bsc#1195624)\n * Adjust cobbler requirement to version 3.3.3\n * Support inherited values for kernel options from Cobbler API\n * Fix virtFileSize type after cobbler upgrade\n * Redefine available power_management.types for cobbler >= 3.3.1\n * fix state.apply result parsing in test mode (bsc#1201913)\n * require tomcat native interface to prevent misleading warning\n in tomcat startup log (bsc#1202455)\n * Reduce the length of image channel URL (bsc#1201220)\n * Fixed formula deselection in systemgroup (bsc#1202271)\n * Added a new configuration property to allow custom channels to\n be synced together with vendor channels.\n * add onlyRelevant argument to addErrataUpdate API\n * fix taskomatic task remain in progress\n\nspacewalk-search:\n\n- Version 4.3.7-1\n * update dependencies after package rename\n\nspacewalk-setup:\n \n- version 4.3.12\n * Fix detected issues to perform migration of Cobbler settings\n and collections.\n\n- Version 4.3.11-1\n * Trigger migration of Cobbler settings and collections if necessary\n during package installation (bsc#1203478)\n * Execute 'cobbler mkloaders' when setting up cobbler\n * Adjust next_server cobbler settings for cobbler >= 3.3.1\n * fix prototype missmatch in idn_to_ascii (bsc#1203385)\n\nspacewalk-utils:\n\n- Version 4.3.14-1\n * Make spacewalk-hostname-rename working with settings.yaml cobbler config file (bsc#1203564)\n * spacewalk-common-channels now syncs the channels automatically\n on creation, if the new configuration property named\n 'unify_custom_channel_management' is enabled\n\nspacewalk-web:\n\n- Version 4.3.24-1\n * Upgrade moment-timezone\n * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480)\n * CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287)\n * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)\n * Fix table header layout for unselectable tables\n\nsubscription-matcher:\n\n- Added Guava maximum version requirement\n\nsusemanager:\n\n- Version 4.3.19-1\n * mark new dependencies for python-py optional in bootstrap repo\n to fix generation for older service packs (bsc#1203449)\n * add bootstrap repository definition for OES2023 (bsc#1202602)\n * add missing packages on SUSE Linux Enterprise Server 15\n * remove server-migrator.sh from SUSE Manager installations (bsc#1202728)\n * create bootstrap repository data for Ubuntu 22.04 Vendor Channels\n * remove obsoleted sysv init script (bsc#1191857)\n * mgr-create-bootstrap-repo: flush directory also when called\n for a specific label (bsc#1200573)\n * pg-migrate-x-to-y.sh: improve output (bsc#1201260)\n * remove python-tornado from bootstrap repo, since no longer\n required for salt version >= 3000\n * add missing packages on SUSE Linux Enterprise Server 12 SP5 bootstrap repo (bsc#1201918)\n * revert 'bootstrap repo: set optional packages'\n\nsusemanager-build-keys:\n\n- Add release and auxiliary GPG keys for RedHat\n- Add keys for Rocky Linux 9\n * RPM-GPG-KEY-redhat-release\n * RPM-GPG-KEY-redhat-auxiliary\n * RPM-GPG-KEY-Rocky-9\n\nsusemanager-docs_en:\n\n- Removed Debian 9 references due to end of life and added missing Debian 11 info\n- Fixed description of default notification settings (bsc#1203422)\n- Added missing Debian 11 references\n- Documented helm deployment of the proxy on k3s and MetalLB in \n Installation and Upgrade Guide\n- Added secure mail communication settings in Administration Guide\n- Fixed path to state and pillar files\n- Documented how pxeboot works with Secure Boot enabled in Client\n Configuration Guide\n- Add repository via proxy issues troubleshooting page\n- Change import GPG key description\n- Added SLE Micro 5.2 and 5.3 as available as a technology preview \n in Client Configuration Guide, and the IBM Z architecture for 5.1, \n 5.2, and 5.3\n- Added command to remove the obsolete Python module on SUSE Manager \n Server 4.1 in the Installation and Upgrade Guide (bsc#1203026)\n- Mention CA certificate directory in the proxy setup description in the\n Installation and Upgrade Guide (bsc#1202805)\n- Documented mandatory channels in the Disconnected Setup chapter of the\n Administration Guide (bsc#1202464)\n- Documented how to onboard Ubuntu clients with the Salt bundle as a\n regular user\n- Documented how to onboard Debian clients with the Salt bundle or \n plain Salt as a regular user\n- Fixed the names of updates channels for Leap\n- Fixed errors in OpenSCAP chapter of Administration Guide\n- Removed CentOS 8 from the list of supported client systems\n- Extend the notes about using noexec option for /tmp and /var/tmp \n (bsc#1201210)\n- Added Extend Salt Bundle functionality with Python packages using pip\n- Salt Configuration Modules are no longer Technology Preview in \n the Salt Guide\n\nsusemanager-schema:\n\n- Version 4.3.14-1\n * Add subtypes for Amazon EC2 virtual instances (bsc#1195624)\n * Fix migration of image actions (bsc#1202272)\n * improve schema compatibility with Amazon RDS\n\nsusemanager-sls:\n\n- Version 4.3.25-1\n * Fix mgrnet availability check\n * Remove dependence on Kiwi libraries\n * disable always the bootstrap repository also when\n 'mgr_disable_local_repos' is set to False\n * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)\n * fix syntax error - remove trailing colon (bsc#1203049)\n * Add mgrnet salt module with mgrnet.dns_fqnd function implementation\n allowing to get all possible FQDNs from DNS (bsc#1199726)\n * Copy grains file with util.mgr_switch_to_venv_minion state apply (bsc#1203056)\n * Remove the message 'rpm: command not found' on using Salt SSH\n with Debian based systems which has no Salt Bundle\n\nsusemanager-sync-data:\n\n- Version 4.3.9-1\n * add oes2023 (bsc#1202602)\n * add Ubuntu 22.04 amd64\n\nsusemanager-tftpsync:\n\n- Version 4.3.2-1\n * Adjust sync_post_tftpd_proxies module to cobbler >= 3.3.1\n\nuyuni-common-libs:\n\n- Version 4.3.6-1\n * Do not allow creating path if nonexistent user or group in fileutils.\n\nuyuni-reportdb-schema:\n\n- Version 4.3.6-1\n * improve schema compatibility with Amazon RDS\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3750,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3750,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3750", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3750-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3750-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223750-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3750-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012699.html", }, { category: "self", summary: "SUSE Bug 1191857", url: "https://bugzilla.suse.com/1191857", }, { category: "self", summary: "SUSE Bug 1195624", url: "https://bugzilla.suse.com/1195624", }, { category: "self", summary: "SUSE Bug 1196729", url: "https://bugzilla.suse.com/1196729", }, { category: "self", summary: "SUSE Bug 1197027", url: "https://bugzilla.suse.com/1197027", }, { category: "self", summary: "SUSE Bug 1198168", url: "https://bugzilla.suse.com/1198168", }, { category: "self", summary: "SUSE Bug 1198903", url: "https://bugzilla.suse.com/1198903", }, { category: "self", summary: "SUSE Bug 1199726", url: "https://bugzilla.suse.com/1199726", }, { category: "self", summary: "SUSE Bug 1200480", url: "https://bugzilla.suse.com/1200480", }, { category: "self", summary: "SUSE Bug 1200573", url: "https://bugzilla.suse.com/1200573", }, { category: "self", summary: "SUSE Bug 1200629", url: "https://bugzilla.suse.com/1200629", }, { category: "self", summary: "SUSE Bug 1201210", url: "https://bugzilla.suse.com/1201210", }, { category: "self", summary: "SUSE Bug 1201220", url: "https://bugzilla.suse.com/1201220", }, { category: "self", summary: "SUSE Bug 1201260", url: "https://bugzilla.suse.com/1201260", }, { category: "self", summary: "SUSE Bug 1201626", url: "https://bugzilla.suse.com/1201626", }, { category: "self", summary: "SUSE Bug 1201753", url: "https://bugzilla.suse.com/1201753", }, { category: "self", summary: "SUSE Bug 1201788", url: "https://bugzilla.suse.com/1201788", }, { category: "self", summary: "SUSE Bug 1201913", url: "https://bugzilla.suse.com/1201913", }, { category: "self", summary: "SUSE Bug 1201918", url: "https://bugzilla.suse.com/1201918", }, { category: "self", summary: "SUSE Bug 1202271", url: "https://bugzilla.suse.com/1202271", }, { category: "self", summary: "SUSE Bug 1202272", url: "https://bugzilla.suse.com/1202272", }, { category: "self", summary: "SUSE Bug 1202367", url: "https://bugzilla.suse.com/1202367", }, { category: "self", summary: "SUSE Bug 1202455", url: "https://bugzilla.suse.com/1202455", }, { category: "self", summary: "SUSE Bug 1202464", url: "https://bugzilla.suse.com/1202464", }, { category: "self", summary: "SUSE Bug 1202602", url: "https://bugzilla.suse.com/1202602", }, { category: "self", summary: "SUSE Bug 1202728", url: "https://bugzilla.suse.com/1202728", }, { category: "self", summary: "SUSE Bug 1202729", url: "https://bugzilla.suse.com/1202729", }, { category: "self", summary: "SUSE Bug 1202805", url: "https://bugzilla.suse.com/1202805", }, { category: "self", summary: "SUSE Bug 1202899", url: "https://bugzilla.suse.com/1202899", }, { category: "self", summary: "SUSE Bug 1203026", url: "https://bugzilla.suse.com/1203026", }, { category: "self", summary: "SUSE Bug 1203049", url: "https://bugzilla.suse.com/1203049", }, { category: "self", summary: "SUSE Bug 1203056", url: "https://bugzilla.suse.com/1203056", }, { category: "self", summary: "SUSE Bug 1203169", url: "https://bugzilla.suse.com/1203169", }, { category: "self", summary: "SUSE Bug 1203287", url: "https://bugzilla.suse.com/1203287", }, { category: "self", summary: "SUSE Bug 1203288", url: "https://bugzilla.suse.com/1203288", }, { category: "self", summary: "SUSE Bug 1203385", url: "https://bugzilla.suse.com/1203385", }, { category: "self", summary: "SUSE Bug 1203406", url: "https://bugzilla.suse.com/1203406", }, { category: "self", summary: "SUSE Bug 1203422", url: "https://bugzilla.suse.com/1203422", }, { category: "self", summary: "SUSE Bug 1203449", url: "https://bugzilla.suse.com/1203449", }, { category: "self", summary: "SUSE Bug 1203478", url: "https://bugzilla.suse.com/1203478", }, { category: "self", summary: "SUSE Bug 1203484", url: "https://bugzilla.suse.com/1203484", }, { category: "self", summary: "SUSE Bug 1203564", url: "https://bugzilla.suse.com/1203564", }, { category: "self", summary: "SUSE Bug 1203585", url: "https://bugzilla.suse.com/1203585", }, { category: "self", summary: "SUSE Bug 1203611", url: "https://bugzilla.suse.com/1203611", }, { category: "self", summary: "SUSE Bug 1204208", url: "https://bugzilla.suse.com/1204208", }, { category: "self", summary: "SUSE CVE CVE-2021-41411 page", url: "https://www.suse.com/security/cve/CVE-2021-41411/", }, { category: "self", summary: "SUSE CVE CVE-2022-0860 page", url: "https://www.suse.com/security/cve/CVE-2022-0860/", }, ], title: "Security update for SUSE Manager Server 4.3", tracking: { current_release_date: "2022-10-26T08:45:32Z", generator: { date: "2022-10-26T08:45:32Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3750-1", initial_release_date: "2022-10-26T08:45:32Z", revision_history: [ { date: "2022-10-26T08:45:32Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150400.3.6.1.aarch64", product: { name: "inter-server-sync-0.2.3-150400.3.6.1.aarch64", product_id: "inter-server-sync-0.2.3-150400.3.6.1.aarch64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.aarch64", product: { name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.aarch64", product_id: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.aarch64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.aarch64", product: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.aarch64", product_id: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.aarch64", }, }, { category: "product_version", name: "reprepro-5.4.0-150400.3.6.1.aarch64", product: { name: "reprepro-5.4.0-150400.3.6.1.aarch64", product_id: "reprepro-5.4.0-150400.3.6.1.aarch64", }, }, { category: "product_version", name: "susemanager-4.3.19-150400.3.6.4.aarch64", product: { name: "susemanager-4.3.19-150400.3.6.4.aarch64", product_id: "susemanager-4.3.19-150400.3.6.4.aarch64", }, }, { category: "product_version", name: "susemanager-tftpsync-4.3.2-150400.3.3.4.aarch64", product: { name: "susemanager-tftpsync-4.3.2-150400.3.3.4.aarch64", product_id: "susemanager-tftpsync-4.3.2-150400.3.3.4.aarch64", }, }, { category: "product_version", name: "susemanager-tools-4.3.19-150400.3.6.4.aarch64", product: { name: "susemanager-tools-4.3.19-150400.3.6.4.aarch64", product_id: "susemanager-tools-4.3.19-150400.3.6.4.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "cobbler-3.3.3-150400.5.7.1.noarch", product: { name: "cobbler-3.3.3-150400.5.7.1.noarch", product_id: "cobbler-3.3.3-150400.5.7.1.noarch", }, }, { category: "product_version", name: "cobbler-tests-3.3.3-150400.5.7.1.noarch", product: { name: "cobbler-tests-3.3.3-150400.5.7.1.noarch", product_id: "cobbler-tests-3.3.3-150400.5.7.1.noarch", }, }, { category: "product_version", name: "drools-7.17.0-150400.3.6.1.noarch", product: { name: "drools-7.17.0-150400.3.6.1.noarch", product_id: "drools-7.17.0-150400.3.6.1.noarch", }, }, { category: "product_version", name: "image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", product: { name: "image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", product_id: "image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", }, }, { category: "product_version", name: "locale-formula-0.3-150400.3.3.1.noarch", product: { name: "locale-formula-0.3-150400.3.3.1.noarch", product_id: "locale-formula-0.3-150400.3.3.1.noarch", }, }, { category: "product_version", name: "mgr-daemon-4.3.6-150400.3.6.4.noarch", product: { name: "mgr-daemon-4.3.6-150400.3.6.4.noarch", product_id: "mgr-daemon-4.3.6-150400.3.6.4.noarch", }, }, { category: "product_version", name: "python3-schema-0.6.7-150400.10.3.1.noarch", product: { name: "python3-schema-0.6.7-150400.10.3.1.noarch", product_id: "python3-schema-0.6.7-150400.10.3.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", product: { name: "python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", product_id: "python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", }, }, { category: "product_version", name: "python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", product: { name: "python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", product_id: "python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", product: { name: "python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", product_id: "python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", product: { name: "python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", product_id: "python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", }, }, { category: "product_version", name: "python3-urlgrabber-4.1.0-150400.3.6.1.noarch", product: { name: "python3-urlgrabber-4.1.0-150400.3.6.1.noarch", product_id: "python3-urlgrabber-4.1.0-150400.3.6.1.noarch", }, }, { category: "product_version", name: "saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", product: { name: "saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", product_id: "saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", }, }, { category: "product_version", name: "spacecmd-4.3.15-150400.3.6.4.noarch", product: { name: "spacecmd-4.3.15-150400.3.6.4.noarch", product_id: "spacecmd-4.3.15-150400.3.6.4.noarch", }, }, { category: "product_version", name: "spacewalk-admin-4.3.10-150400.3.3.2.noarch", product: { name: "spacewalk-admin-4.3.10-150400.3.3.2.noarch", product_id: "spacewalk-admin-4.3.10-150400.3.3.2.noarch", }, }, { category: "product_version", name: "spacewalk-backend-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-cdn-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-cdn-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-cdn-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", product: { name: "spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", product_id: "spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", }, }, { category: "product_version", name: "spacewalk-base-4.3.24-150400.3.6.4.noarch", product: { name: "spacewalk-base-4.3.24-150400.3.6.4.noarch", product_id: "spacewalk-base-4.3.24-150400.3.6.4.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", product: { name: "spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", product_id: "spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", product: { name: "spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", product_id: "spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", }, }, { category: "product_version", name: "spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", product: { name: "spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", product_id: "spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.3.12-150400.3.6.6.noarch", product: { name: "spacewalk-check-4.3.12-150400.3.6.6.noarch", product_id: "spacewalk-check-4.3.12-150400.3.6.6.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", product: { name: "spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", product_id: "spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", product: { name: "spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", product_id: "spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", }, }, { category: "product_version", name: "spacewalk-dobby-4.3.24-150400.3.6.4.noarch", product: { name: "spacewalk-dobby-4.3.24-150400.3.6.4.noarch", product_id: "spacewalk-dobby-4.3.24-150400.3.6.4.noarch", }, }, { category: "product_version", name: "spacewalk-html-4.3.24-150400.3.6.4.noarch", product: { name: "spacewalk-html-4.3.24-150400.3.6.4.noarch", product_id: "spacewalk-html-4.3.24-150400.3.6.4.noarch", }, }, { category: "product_version", name: "spacewalk-html-debug-4.3.24-150400.3.6.4.noarch", product: { name: "spacewalk-html-debug-4.3.24-150400.3.6.4.noarch", product_id: "spacewalk-html-debug-4.3.24-150400.3.6.4.noarch", }, }, { category: "product_version", name: "spacewalk-java-4.3.38-150400.3.8.3.noarch", product: { name: "spacewalk-java-4.3.38-150400.3.8.3.noarch", product_id: "spacewalk-java-4.3.38-150400.3.8.3.noarch", }, }, { category: "product_version", name: "spacewalk-java-apidoc-sources-4.3.38-150400.3.8.3.noarch", product: { name: "spacewalk-java-apidoc-sources-4.3.38-150400.3.8.3.noarch", product_id: "spacewalk-java-apidoc-sources-4.3.38-150400.3.8.3.noarch", }, }, { category: "product_version", name: "spacewalk-java-config-4.3.38-150400.3.8.3.noarch", product: { name: "spacewalk-java-config-4.3.38-150400.3.8.3.noarch", product_id: "spacewalk-java-config-4.3.38-150400.3.8.3.noarch", }, }, { category: "product_version", name: "spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", product: { name: "spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", product_id: "spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", }, }, { category: "product_version", name: "spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", product: { name: "spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", product_id: "spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", }, }, { category: "product_version", name: "spacewalk-search-4.3.7-150400.3.6.2.noarch", product: { name: "spacewalk-search-4.3.7-150400.3.6.2.noarch", product_id: "spacewalk-search-4.3.7-150400.3.6.2.noarch", }, }, { category: "product_version", name: "spacewalk-setup-4.3.12-150400.3.8.1.noarch", product: { name: "spacewalk-setup-4.3.12-150400.3.8.1.noarch", product_id: "spacewalk-setup-4.3.12-150400.3.8.1.noarch", }, }, { category: "product_version", name: "spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", product: { name: "spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", product_id: "spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", }, }, { category: "product_version", name: "spacewalk-utils-4.3.14-150400.3.6.3.noarch", product: { name: "spacewalk-utils-4.3.14-150400.3.6.3.noarch", product_id: "spacewalk-utils-4.3.14-150400.3.6.3.noarch", }, }, { category: "product_version", name: "spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", product: { name: "spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", product_id: "spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", }, }, { category: "product_version", name: "subscription-matcher-0.29-150400.3.7.1.noarch", product: { name: "subscription-matcher-0.29-150400.3.7.1.noarch", product_id: "subscription-matcher-0.29-150400.3.7.1.noarch", }, }, { category: "product_version", name: "susemanager-build-keys-15.4.3-150400.3.6.1.noarch", product: { name: "susemanager-build-keys-15.4.3-150400.3.6.1.noarch", product_id: "susemanager-build-keys-15.4.3-150400.3.6.1.noarch", }, }, { category: "product_version", name: "susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", product: { name: "susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", product_id: "susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-4.3-150400.9.6.1.noarch", product: { name: "susemanager-docs_en-4.3-150400.9.6.1.noarch", product_id: "susemanager-docs_en-4.3-150400.9.6.1.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", product: { name: "susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", product_id: "susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", }, }, { category: "product_version", name: "susemanager-schema-4.3.14-150400.3.6.5.noarch", product: { name: "susemanager-schema-4.3.14-150400.3.6.5.noarch", product_id: "susemanager-schema-4.3.14-150400.3.6.5.noarch", }, }, { category: "product_version", name: "susemanager-schema-sanity-4.3.14-150400.3.6.5.noarch", product: { name: "susemanager-schema-sanity-4.3.14-150400.3.6.5.noarch", product_id: "susemanager-schema-sanity-4.3.14-150400.3.6.5.noarch", }, }, { category: "product_version", name: "susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", product: { name: "susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", product_id: "susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", }, }, { category: "product_version", name: "susemanager-sls-4.3.25-150400.3.6.4.noarch", product: { name: "susemanager-sls-4.3.25-150400.3.6.4.noarch", product_id: "susemanager-sls-4.3.25-150400.3.6.4.noarch", }, }, { category: "product_version", name: "susemanager-sync-data-4.3.9-150400.3.3.1.noarch", product: { name: "susemanager-sync-data-4.3.9-150400.3.3.1.noarch", product_id: "susemanager-sync-data-4.3.9-150400.3.3.1.noarch", }, }, { category: "product_version", name: "susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", product: { name: "susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", product_id: "susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", }, }, { category: "product_version", name: "uyuni-config-modules-4.3.25-150400.3.6.4.noarch", product: { name: "uyuni-config-modules-4.3.25-150400.3.6.4.noarch", product_id: "uyuni-config-modules-4.3.25-150400.3.6.4.noarch", }, }, { category: "product_version", name: "uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", product: { name: "uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", product_id: "uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150400.3.6.1.ppc64le", product: { name: "inter-server-sync-0.2.3-150400.3.6.1.ppc64le", product_id: "inter-server-sync-0.2.3-150400.3.6.1.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", product: { name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", product_id: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", product: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", product_id: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", }, }, { category: "product_version", name: "reprepro-5.4.0-150400.3.6.1.ppc64le", product: { name: "reprepro-5.4.0-150400.3.6.1.ppc64le", product_id: "reprepro-5.4.0-150400.3.6.1.ppc64le", }, }, { category: "product_version", name: "susemanager-4.3.19-150400.3.6.4.ppc64le", product: { name: "susemanager-4.3.19-150400.3.6.4.ppc64le", product_id: "susemanager-4.3.19-150400.3.6.4.ppc64le", }, }, { category: "product_version", name: "susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", product: { name: "susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", product_id: "susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", }, }, { category: "product_version", name: "susemanager-tools-4.3.19-150400.3.6.4.ppc64le", product: { name: "susemanager-tools-4.3.19-150400.3.6.4.ppc64le", product_id: "susemanager-tools-4.3.19-150400.3.6.4.ppc64le", }, }, { category: "product_version", name: "python3-magic-5.32-150000.7.16.1.ppc64le", product: { name: "python3-magic-5.32-150000.7.16.1.ppc64le", product_id: "python3-magic-5.32-150000.7.16.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150400.3.6.1.s390x", product: { name: "inter-server-sync-0.2.3-150400.3.6.1.s390x", product_id: "inter-server-sync-0.2.3-150400.3.6.1.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", product: { name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", product_id: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", product: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", product_id: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", }, }, { category: "product_version", name: "reprepro-5.4.0-150400.3.6.1.s390x", product: { name: "reprepro-5.4.0-150400.3.6.1.s390x", product_id: "reprepro-5.4.0-150400.3.6.1.s390x", }, }, { category: "product_version", name: "susemanager-4.3.19-150400.3.6.4.s390x", product: { name: "susemanager-4.3.19-150400.3.6.4.s390x", product_id: "susemanager-4.3.19-150400.3.6.4.s390x", }, }, { category: "product_version", name: "susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", product: { name: "susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", product_id: "susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", }, }, { category: "product_version", name: "susemanager-tools-4.3.19-150400.3.6.4.s390x", product: { name: "susemanager-tools-4.3.19-150400.3.6.4.s390x", product_id: "susemanager-tools-4.3.19-150400.3.6.4.s390x", }, }, { category: "product_version", name: "python3-magic-5.32-150000.7.16.1.s390x", product: { name: "python3-magic-5.32-150000.7.16.1.s390x", product_id: "python3-magic-5.32-150000.7.16.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150400.3.6.1.x86_64", product: { name: "inter-server-sync-0.2.3-150400.3.6.1.x86_64", product_id: "inter-server-sync-0.2.3-150400.3.6.1.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", product: { name: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", product_id: "python2-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", product: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", product_id: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", }, }, { category: "product_version", name: "reprepro-5.4.0-150400.3.6.1.x86_64", product: { name: "reprepro-5.4.0-150400.3.6.1.x86_64", product_id: "reprepro-5.4.0-150400.3.6.1.x86_64", }, }, { category: "product_version", name: "susemanager-4.3.19-150400.3.6.4.x86_64", product: { name: "susemanager-4.3.19-150400.3.6.4.x86_64", product_id: "susemanager-4.3.19-150400.3.6.4.x86_64", }, }, { category: "product_version", name: "susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", product: { name: "susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", product_id: "susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", }, }, { category: "product_version", name: "susemanager-tools-4.3.19-150400.3.6.4.x86_64", product: { name: "susemanager-tools-4.3.19-150400.3.6.4.x86_64", product_id: "susemanager-tools-4.3.19-150400.3.6.4.x86_64", }, }, { category: "product_version", name: "python3-magic-5.32-150000.7.16.1.x86_64", product: { name: "python3-magic-5.32-150000.7.16.1.x86_64", product_id: "python3-magic-5.32-150000.7.16.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Proxy Module 4.3", product: { name: "SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-proxy:4.3", }, }, }, { category: "product_name", name: "SUSE Manager Server Module 4.3", product: { name: "SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-server:4.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mgr-daemon-4.3.6-150400.3.6.4.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.6-150400.3.6.4.noarch", }, product_reference: "mgr-daemon-4.3.6-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", }, product_reference: "python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-check-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", }, product_reference: "python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", }, product_reference: "python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", }, product_reference: "python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64 as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", }, product_reference: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.3.15-150400.3.6.4.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", }, product_reference: "spacecmd-4.3.15-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", }, product_reference: "spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", }, product_reference: "spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", }, product_reference: "spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.12-150400.3.6.6.noarch", }, product_reference: "spacewalk-check-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", }, product_reference: "spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", }, product_reference: "spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-15.4.3-150400.3.6.1.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", }, product_reference: "susemanager-build-keys-15.4.3-150400.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", }, product_reference: "susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", }, product_reference: "susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "cobbler-3.3.3-150400.5.7.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.7.1.noarch", }, product_reference: "cobbler-3.3.3-150400.5.7.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "drools-7.17.0-150400.3.6.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.6.1.noarch", }, product_reference: "drools-7.17.0-150400.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", }, product_reference: "image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.3-150400.3.6.1.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.ppc64le", }, product_reference: "inter-server-sync-0.2.3-150400.3.6.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.3-150400.3.6.1.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.s390x", }, product_reference: "inter-server-sync-0.2.3-150400.3.6.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.3-150400.3.6.1.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.x86_64", }, product_reference: "inter-server-sync-0.2.3-150400.3.6.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "locale-formula-0.3-150400.3.3.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:locale-formula-0.3-150400.3.3.1.noarch", }, product_reference: "locale-formula-0.3-150400.3.3.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-magic-5.32-150000.7.16.1.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.ppc64le", }, product_reference: "python3-magic-5.32-150000.7.16.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-magic-5.32-150000.7.16.1.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.s390x", }, product_reference: "python3-magic-5.32-150000.7.16.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-magic-5.32-150000.7.16.1.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.x86_64", }, product_reference: "python3-magic-5.32-150000.7.16.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-schema-0.6.7-150400.10.3.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-schema-0.6.7-150400.10.3.1.noarch", }, product_reference: "python3-schema-0.6.7-150400.10.3.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", }, product_reference: "python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", }, product_reference: "python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-urlgrabber-4.1.0-150400.3.6.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-urlgrabber-4.1.0-150400.3.6.1.noarch", }, product_reference: "python3-urlgrabber-4.1.0-150400.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", }, product_reference: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", }, product_reference: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", }, product_reference: "python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "reprepro-5.4.0-150400.3.6.1.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.ppc64le", }, product_reference: "reprepro-5.4.0-150400.3.6.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "reprepro-5.4.0-150400.3.6.1.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.s390x", }, product_reference: "reprepro-5.4.0-150400.3.6.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "reprepro-5.4.0-150400.3.6.1.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.x86_64", }, product_reference: "reprepro-5.4.0-150400.3.6.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", }, product_reference: "saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.3.15-150400.3.6.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", }, product_reference: "spacecmd-4.3.15-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-admin-4.3.10-150400.3.3.2.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-admin-4.3.10-150400.3.3.2.noarch", }, product_reference: "spacewalk-admin-4.3.10-150400.3.3.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-app-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-server-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", }, product_reference: "spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-4.3.24-150400.3.6.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-base-4.3.24-150400.3.6.4.noarch", }, product_reference: "spacewalk-base-4.3.24-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", }, product_reference: "spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", }, product_reference: "spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", }, product_reference: "spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.3.12-150400.3.6.6.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", }, product_reference: "spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-html-4.3.24-150400.3.6.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-html-4.3.24-150400.3.6.4.noarch", }, product_reference: "spacewalk-html-4.3.24-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-4.3.38-150400.3.8.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-4.3.38-150400.3.8.3.noarch", }, product_reference: "spacewalk-java-4.3.38-150400.3.8.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-config-4.3.38-150400.3.8.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.38-150400.3.8.3.noarch", }, product_reference: "spacewalk-java-config-4.3.38-150400.3.8.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-lib-4.3.38-150400.3.8.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", }, product_reference: "spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", }, product_reference: "spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-search-4.3.7-150400.3.6.2.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-search-4.3.7-150400.3.6.2.noarch", }, product_reference: "spacewalk-search-4.3.7-150400.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-setup-4.3.12-150400.3.8.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-setup-4.3.12-150400.3.8.1.noarch", }, product_reference: "spacewalk-setup-4.3.12-150400.3.8.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", }, product_reference: "spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-utils-4.3.14-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.14-150400.3.6.3.noarch", }, product_reference: "spacewalk-utils-4.3.14-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", }, product_reference: "spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "subscription-matcher-0.29-150400.3.7.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:subscription-matcher-0.29-150400.3.7.1.noarch", }, product_reference: "subscription-matcher-0.29-150400.3.7.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.3.19-150400.3.6.4.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.ppc64le", }, product_reference: "susemanager-4.3.19-150400.3.6.4.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.3.19-150400.3.6.4.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.s390x", }, product_reference: "susemanager-4.3.19-150400.3.6.4.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.3.19-150400.3.6.4.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.x86_64", }, product_reference: "susemanager-4.3.19-150400.3.6.4.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-15.4.3-150400.3.6.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", }, product_reference: "susemanager-build-keys-15.4.3-150400.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", }, product_reference: "susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-4.3-150400.9.6.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.6.1.noarch", }, product_reference: "susemanager-docs_en-4.3-150400.9.6.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", }, product_reference: "susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-schema-4.3.14-150400.3.6.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-schema-4.3.14-150400.3.6.5.noarch", }, product_reference: "susemanager-schema-4.3.14-150400.3.6.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-schema-utility-4.3.14-150400.3.6.5.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", }, product_reference: "susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-sls-4.3.25-150400.3.6.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-sls-4.3.25-150400.3.6.4.noarch", }, product_reference: "susemanager-sls-4.3.25-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-sync-data-4.3.9-150400.3.3.1.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.9-150400.3.3.1.noarch", }, product_reference: "susemanager-sync-data-4.3.9-150400.3.3.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", }, product_reference: "susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-4.3.2-150400.3.3.4.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", }, product_reference: "susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", }, product_reference: "susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.3.19-150400.3.6.4.ppc64le as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.ppc64le", }, product_reference: "susemanager-tools-4.3.19-150400.3.6.4.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.3.19-150400.3.6.4.s390x as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.s390x", }, product_reference: "susemanager-tools-4.3.19-150400.3.6.4.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.3.19-150400.3.6.4.x86_64 as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.x86_64", }, product_reference: "susemanager-tools-4.3.19-150400.3.6.4.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "uyuni-config-modules-4.3.25-150400.3.6.4.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.25-150400.3.6.4.noarch", }, product_reference: "uyuni-config-modules-4.3.25-150400.3.6.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, { category: "default_component_of", full_product_name: { name: "uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch as component of SUSE Manager Server Module 4.3", product_id: "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", }, product_reference: "uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-41411", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41411", }, ], notes: [ { category: "general", text: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.6-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Proxy Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.7.1.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:locale-formula-0.3-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.ppc64le", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.s390x", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.x86_64", "SUSE Manager Server Module 4.3:python3-schema-0.6.7-150400.10.3.1.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:python3-urlgrabber-4.1.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-admin-4.3.10-150400.3.3.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.7-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-setup-4.3.12-150400.3.8.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:subscription-matcher-0.29-150400.3.7.1.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.9-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-41411", url: "https://www.suse.com/security/cve/CVE-2021-41411", }, { category: "external", summary: "SUSE Bug 1200629 for CVE-2021-41411", url: "https://bugzilla.suse.com/1200629", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.6-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Proxy Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.7.1.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:locale-formula-0.3-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.ppc64le", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.s390x", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.x86_64", "SUSE Manager Server Module 4.3:python3-schema-0.6.7-150400.10.3.1.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:python3-urlgrabber-4.1.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-admin-4.3.10-150400.3.3.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.7-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-setup-4.3.12-150400.3.8.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:subscription-matcher-0.29-150400.3.7.1.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.9-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.6-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Proxy Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.7.1.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:locale-formula-0.3-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.ppc64le", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.s390x", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.x86_64", "SUSE Manager Server Module 4.3:python3-schema-0.6.7-150400.10.3.1.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:python3-urlgrabber-4.1.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-admin-4.3.10-150400.3.3.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.7-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-setup-4.3.12-150400.3.8.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:subscription-matcher-0.29-150400.3.7.1.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.9-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", ], }, ], threats: [ { category: "impact", date: "2022-10-26T08:45:32Z", details: "important", }, ], title: "CVE-2021-41411", }, { cve: "CVE-2022-0860", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0860", }, ], notes: [ { category: "general", text: "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.6-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Proxy Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.7.1.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:locale-formula-0.3-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.ppc64le", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.s390x", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.x86_64", "SUSE Manager Server Module 4.3:python3-schema-0.6.7-150400.10.3.1.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:python3-urlgrabber-4.1.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-admin-4.3.10-150400.3.3.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.7-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-setup-4.3.12-150400.3.8.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:subscription-matcher-0.29-150400.3.7.1.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.9-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-0860", url: "https://www.suse.com/security/cve/CVE-2022-0860", }, { category: "external", summary: "SUSE Bug 1197027 for CVE-2022-0860", url: "https://bugzilla.suse.com/1197027", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.6-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Proxy Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.7.1.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:locale-formula-0.3-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.ppc64le", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.s390x", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.x86_64", "SUSE Manager Server Module 4.3:python3-schema-0.6.7-150400.10.3.1.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:python3-urlgrabber-4.1.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-admin-4.3.10-150400.3.3.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.7-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-setup-4.3.12-150400.3.8.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:subscription-matcher-0.29-150400.3.7.1.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.9-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.3:mgr-daemon-4.3.6-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Proxy Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-check-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-setup-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Proxy Module 4.3:susemanager-tftpsync-recv-4.3.7-150400.3.3.3.noarch", "SUSE Manager Server Module 4.3:cobbler-3.3.3-150400.5.7.1.noarch", "SUSE Manager Server Module 4.3:drools-7.17.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:inter-server-sync-0.2.3-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:locale-formula-0.3-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.ppc64le", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.s390x", "SUSE Manager Server Module 4.3:python3-magic-5.32-150000.7.16.1.x86_64", "SUSE Manager Server Module 4.3:python3-schema-0.6.7-150400.10.3.1.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:python3-spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:python3-urlgrabber-4.1.0-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:python3-uyuni-common-libs-4.3.6-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.ppc64le", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.s390x", "SUSE Manager Server Module 4.3:reprepro-5.4.0-150400.3.6.1.x86_64", "SUSE Manager Server Module 4.3:saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:spacecmd-4.3.15-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-admin-4.3.10-150400.3.3.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-app-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-applet-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-iss-export-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-server-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-tools-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-base-minimal-config-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-certs-tools-4.3.15-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-client-tools-4.3.12-150400.3.6.6.noarch", "SUSE Manager Server Module 4.3:spacewalk-html-4.3.24-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-search-4.3.7-150400.3.6.2.noarch", "SUSE Manager Server Module 4.3:spacewalk-setup-4.3.12-150400.3.8.1.noarch", "SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.38-150400.3.8.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:spacewalk-utils-extras-4.3.14-150400.3.6.3.noarch", "SUSE Manager Server Module 4.3:subscription-matcher-0.29-150400.3.7.1.noarch", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-build-keys-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-build-keys-web-15.4.3-150400.3.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-docs_en-pdf-4.3-150400.9.6.1.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-schema-utility-4.3.14-150400.3.6.5.noarch", "SUSE Manager Server Module 4.3:susemanager-sls-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.9-150400.3.3.1.noarch", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tftpsync-4.3.2-150400.3.3.4.x86_64", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.ppc64le", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.s390x", "SUSE Manager Server Module 4.3:susemanager-tools-4.3.19-150400.3.6.4.x86_64", "SUSE Manager Server Module 4.3:uyuni-config-modules-4.3.25-150400.3.6.4.noarch", "SUSE Manager Server Module 4.3:uyuni-reportdb-schema-4.3.6-150400.3.3.6.noarch", ], }, ], threats: [ { category: "impact", date: "2022-10-26T08:45:32Z", details: "important", }, ], title: "CVE-2022-0860", }, ], }
suse-su-2022:3314-1
Vulnerability from csaf_suse
Published
2022-09-19 15:38
Modified
2022-09-19 15:38
Summary
Security update for SUSE Manager Server 4.2
Notes
Title of the patch
Security update for SUSE Manager Server 4.2
Description of the patch
This update fixes the following issues:
drools:
- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629)
httpcomponents-asyncclient:
- Provide maven metadata needed by other packages to build
image-sync-formula:
- Update to version 0.1.1661440526.b08d95b
* Add option to sort boot images by version (bsc#1196729)
inter-server-sync:
- Version 0.2.3
* Compress exported sql data #16631
* Add gzip dependency to decompress data file during import process
patterns-suse-manager:
- Strictly require OpenJDK 11 (bsc#1202142)
py27-compat-salt:
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Add support for name, pkgs and diff_attr parameters to upgrade
function for zypper and yum (bsc#1198489)
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
salt-netapi-client:
- Declare the LICENSE file as license and not doc
- Adapted for Enterprise Linux 9.
- Version 0.20.0
* See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0
saltboot-formula:
- Update to version 0.1.1661440526.b08d95b
* Fallback to local boot if the configured image is not synced
* improve image url modifications - preparation for ftp/http changes
spacecmd:
- Version 4.2.19-1
* Process date values in spacecmd api calls (bsc#1198903)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
spacewalk-admin:
- Version 4.2.12-1
* Add --help option to mgr-monitoring-ctl
spacewalk-backend:
- Version 4.2.24-1
* Make reposync use the configured http proxy with mirrorlist (bsc#1198168)
* Revert proxy listChannels token caching pr#4548
* cleanup leftovers from removing unused xmlrpc endpoint
spacewalk-certs-tools:
- Version 4.2.18-1
* traditional stack bootstrap: install product packages (bsc#1201142)
spacewalk-client-tools:
- Version 4.2.20-1
* Update translation strings
spacewalk-java:
- Version 4.2.41-1
* Fixed date format on scheduler related messages (bsc#1195455)
* Support inherited values for kernel options from Cobbler API (bsc#1199913)
* Add channel availability check for product migration (bsc#1200296)
* Check if system has all formulas correctly assigned (bsc#1201607)
* Remove group formula assignments and data on group delete (bsc#1201606)
* Fix sync for external repositories (bsc#1201753)
* fix state.apply result parsing in test mode (bsc#1201913)
* Reduce the length of image channel URL (bsc#1201220)
* Calculate dependencies between cloned channels of vendor channels (bsc#1201626)
* fix symlinks pointing to ongres-stringprep
* Modify parameter type when communicating with the search server (bsc#1187028)
* Fix initial profile and build host on Image Build page (bsc#1199659)
* Fix the confirm message on the refresh action by adding a link
to pending actions on it (bsc#1172705)
* require new salt-netapi-client version
* Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
spacewalk-search:
- Version 4.2.8-1
* Add methods to handle session id as String
spacewalk-web:
- Version 4.2.29-1
* CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480)
* CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287)
* CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)
* Fix table header layout for unselectable tables
* Fix initial profile and build host on Image Build page (bsc#1199659)
subscription-matcher:
- Added Guava maximum version requirement.
susemanager:
- Version 4.2.37-1
* mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs
(bsc#1203449)
- Version 4.2.36-1
* add missing packages on SLES 15
* remove server-migrator.sh from SUSE Manager installations (bsc#1202728)
* mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573)
* add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)
* remove python-tornado from bootstrap repo, since no longer required for salt version >= 3000
* add openSUSE 15.4 product (bsc#1201527)
* add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189)
susemanager-doc-indexes:
- Documented mandatory channels in the Disconnected Setup chapter of the
Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
regular user
- Documented how to onboard Debian clients with the Salt bundle or plain Salt
as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client systems
susemanager-docs_en:
- Documented mandatory channels in the Disconnected Setup chapter of the
Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
regular user
- Documented how to onboard Debian clients with the Salt bundle or plain Salt
as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client systems
susemanager-schema:
- Version 4.2.24-1
* Fix migration of image actions (bsc#1202272)
susemanager-sls:
- Version 4.2.27-1
* Copy grains file with util.mgr_switch_to_venv_minion state apply
* Remove the message 'rpm: command not found' on using Salt SSH
with Debian based systems which has no Salt Bundle
* Prevent possible tracebacks on calling module.run from mgrcompat
by setting proper globals with using LazyLoader
* Fix deploy of SLE Micro CA Certificate (bsc#1200276)
uyuni-common-libs:
- Version 4.2.7-1
* Do not allow creating path if nonexistent user or group in fileutils.
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
`spacewalk-service start`
Patchnames
SUSE-2022-3314,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3314,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Server 4.2", title: "Title of the patch", }, { category: "description", text: "This update fixes the following issues:\n\ndrools:\n\n- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629)\n\nhttpcomponents-asyncclient:\n\n- Provide maven metadata needed by other packages to build\n\nimage-sync-formula:\n\n- Update to version 0.1.1661440526.b08d95b\n * Add option to sort boot images by version (bsc#1196729)\n\ninter-server-sync:\n\n- Version 0.2.3\n * Compress exported sql data #16631\n * Add gzip dependency to decompress data file during import process\n\npatterns-suse-manager:\n\n- Strictly require OpenJDK 11 (bsc#1202142) \n\npy27-compat-salt:\n\n- Add support for gpgautoimport in zypperpkg module\n- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)\n- Add support for name, pkgs and diff_attr parameters to upgrade\n function for zypper and yum (bsc#1198489)\n- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)\n- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)\n\nsalt-netapi-client:\n\n- Declare the LICENSE file as license and not doc\n- Adapted for Enterprise Linux 9.\n- Version 0.20.0\n * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0\n\nsaltboot-formula:\n\n- Update to version 0.1.1661440526.b08d95b\n * Fallback to local boot if the configured image is not synced\n * improve image url modifications - preparation for ftp/http changes\n\nspacecmd:\n\n- Version 4.2.19-1\n * Process date values in spacecmd api calls (bsc#1198903)\n * Show correct help on calling kickstart_importjson with no arguments\n * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)\n\nspacewalk-admin:\n\n- Version 4.2.12-1\n * Add --help option to mgr-monitoring-ctl\n\nspacewalk-backend:\n\n- Version 4.2.24-1\n * Make reposync use the configured http proxy with mirrorlist (bsc#1198168)\n * Revert proxy listChannels token caching pr#4548\n * cleanup leftovers from removing unused xmlrpc endpoint\n\nspacewalk-certs-tools:\n\n- Version 4.2.18-1\n * traditional stack bootstrap: install product packages (bsc#1201142)\n\nspacewalk-client-tools:\n\n- Version 4.2.20-1\n * Update translation strings\n\nspacewalk-java:\n\n- Version 4.2.41-1\n * Fixed date format on scheduler related messages (bsc#1195455)\n * Support inherited values for kernel options from Cobbler API (bsc#1199913)\n * Add channel availability check for product migration (bsc#1200296)\n * Check if system has all formulas correctly assigned (bsc#1201607)\n * Remove group formula assignments and data on group delete (bsc#1201606)\n * Fix sync for external repositories (bsc#1201753)\n * fix state.apply result parsing in test mode (bsc#1201913)\n * Reduce the length of image channel URL (bsc#1201220)\n * Calculate dependencies between cloned channels of vendor channels (bsc#1201626)\n * fix symlinks pointing to ongres-stringprep\n * Modify parameter type when communicating with the search server (bsc#1187028)\n * Fix initial profile and build host on Image Build page (bsc#1199659)\n * Fix the confirm message on the refresh action by adding a link\n to pending actions on it (bsc#1172705)\n * require new salt-netapi-client version\n * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)\n\nspacewalk-search:\n\n- Version 4.2.8-1\n * Add methods to handle session id as String\n\nspacewalk-web:\n\n- Version 4.2.29-1\n * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480)\n * CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287) \n * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)\n * Fix table header layout for unselectable tables\n * Fix initial profile and build host on Image Build page (bsc#1199659)\n\nsubscription-matcher:\n\n- Added Guava maximum version requirement.\n\nsusemanager:\n \n- Version 4.2.37-1\n * mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs \n (bsc#1203449)\n- Version 4.2.36-1\n * add missing packages on SLES 15\n * remove server-migrator.sh from SUSE Manager installations (bsc#1202728)\n * mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573)\n * add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)\n * remove python-tornado from bootstrap repo, since no longer required for salt version >= 3000\n * add openSUSE 15.4 product (bsc#1201527)\n * add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189)\n\nsusemanager-doc-indexes:\n\n- Documented mandatory channels in the Disconnected Setup chapter of the\n Administration Guide (bsc#1202464)\n- Documented how to onboard Ubuntu clients with the Salt bundle as a\n regular user\n- Documented how to onboard Debian clients with the Salt bundle or plain Salt\n as a regular user\n- Fixed the names of updates channels for Leap\n- Fixed errors in OpenSCAP chapter of Administration Guide\n- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin\n- Removed CentOS 8 from the list of supported client systems\n- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)\n- Reverted single snippet change for two separate books\n- Added extend Salt Bundle functionality with Python packages using pip\n- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH\n- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin\n- Salt Configuration Modules are no longer Technology Preview in Salt Guide.\n- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)\n- Added ports 1232 and 1233 in the Ports section of the Installation and\n Upgrade Guide; required for Salt SSH Push (bsc#1200532)\n- In the Custom Channel section of the Administration Guide add a note\n about synchronizing repositories regularly.\n- Removed SUSE Linux Enterprise 11 from the list of supported client systems\n\nsusemanager-docs_en:\n\n- Documented mandatory channels in the Disconnected Setup chapter of the\n Administration Guide (bsc#1202464)\n- Documented how to onboard Ubuntu clients with the Salt bundle as a\n regular user\n- Documented how to onboard Debian clients with the Salt bundle or plain Salt\n as a regular user\n- Fixed the names of updates channels for Leap\n- Fixed errors in OpenSCAP chapter of Administration Guide\n- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin\n- Removed CentOS 8 from the list of supported client systems\n- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)\n- Reverted single snippet change for two separate books\n- Added extend Salt Bundle functionality with Python packages using pip\n- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH\n- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin\n- Salt Configuration Modules are no longer Technology Preview in Salt Guide.\n- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)\n- Added ports 1232 and 1233 in the Ports section of the Installation and\n Upgrade Guide; required for Salt SSH Push (bsc#1200532)\n- In the Custom Channel section of the Administration Guide add a note\n about synchronizing repositories regularly.\n- Removed SUSE Linux Enterprise 11 from the list of supported client systems\n\nsusemanager-schema:\n\n- Version 4.2.24-1\n * Fix migration of image actions (bsc#1202272)\n\nsusemanager-sls:\n\n- Version 4.2.27-1\n * Copy grains file with util.mgr_switch_to_venv_minion state apply\n * Remove the message 'rpm: command not found' on using Salt SSH\n with Debian based systems which has no Salt Bundle\n * Prevent possible tracebacks on calling module.run from mgrcompat\n by setting proper globals with using LazyLoader\n * Fix deploy of SLE Micro CA Certificate (bsc#1200276)\n\nuyuni-common-libs:\n\n- Version 4.2.7-1\n * Do not allow creating path if nonexistent user or group in fileutils.\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3314,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3314,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3314-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3314-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223314-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3314-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012286.html", }, { category: "self", summary: "SUSE Bug 1172705", url: "https://bugzilla.suse.com/1172705", }, { category: "self", summary: "SUSE Bug 1187028", url: "https://bugzilla.suse.com/1187028", }, { category: "self", summary: "SUSE Bug 1195455", url: "https://bugzilla.suse.com/1195455", }, { category: "self", summary: "SUSE Bug 1195895", url: "https://bugzilla.suse.com/1195895", }, { category: "self", summary: "SUSE Bug 1196729", url: "https://bugzilla.suse.com/1196729", }, { category: "self", summary: "SUSE Bug 1198168", url: "https://bugzilla.suse.com/1198168", }, { category: "self", summary: "SUSE Bug 1198489", url: "https://bugzilla.suse.com/1198489", }, { category: "self", summary: "SUSE Bug 1198738", url: "https://bugzilla.suse.com/1198738", }, { category: "self", summary: "SUSE Bug 1198903", url: "https://bugzilla.suse.com/1198903", }, { category: "self", summary: "SUSE Bug 1199372", url: "https://bugzilla.suse.com/1199372", }, { category: "self", summary: "SUSE Bug 1199659", url: "https://bugzilla.suse.com/1199659", }, { category: "self", summary: "SUSE Bug 1199913", url: "https://bugzilla.suse.com/1199913", }, { category: "self", summary: "SUSE Bug 1199950", url: "https://bugzilla.suse.com/1199950", }, { category: "self", summary: "SUSE Bug 1200276", url: "https://bugzilla.suse.com/1200276", }, { category: "self", summary: "SUSE Bug 1200296", url: "https://bugzilla.suse.com/1200296", }, { category: "self", summary: "SUSE Bug 1200480", url: "https://bugzilla.suse.com/1200480", }, { category: "self", summary: "SUSE Bug 1200532", url: "https://bugzilla.suse.com/1200532", }, { category: "self", summary: "SUSE Bug 1200573", url: "https://bugzilla.suse.com/1200573", }, { category: "self", summary: "SUSE Bug 1200591", url: "https://bugzilla.suse.com/1200591", }, { category: "self", summary: "SUSE Bug 1200629", url: "https://bugzilla.suse.com/1200629", }, { category: "self", summary: "SUSE Bug 1201142", url: "https://bugzilla.suse.com/1201142", }, { category: "self", summary: "SUSE Bug 1201189", url: "https://bugzilla.suse.com/1201189", }, { category: "self", summary: "SUSE Bug 1201210", url: "https://bugzilla.suse.com/1201210", }, { category: "self", summary: "SUSE Bug 1201220", url: "https://bugzilla.suse.com/1201220", }, { category: "self", summary: "SUSE Bug 1201224", url: "https://bugzilla.suse.com/1201224", }, { category: "self", summary: "SUSE Bug 1201527", url: "https://bugzilla.suse.com/1201527", }, { category: "self", summary: "SUSE Bug 1201606", url: "https://bugzilla.suse.com/1201606", }, { category: "self", summary: "SUSE Bug 1201607", url: "https://bugzilla.suse.com/1201607", }, { category: "self", summary: "SUSE Bug 1201626", url: "https://bugzilla.suse.com/1201626", }, { category: "self", summary: "SUSE Bug 1201753", url: "https://bugzilla.suse.com/1201753", }, { category: "self", summary: "SUSE Bug 1201913", url: "https://bugzilla.suse.com/1201913", }, { category: "self", summary: "SUSE Bug 1201918", url: "https://bugzilla.suse.com/1201918", }, { category: "self", summary: "SUSE Bug 1202142", url: "https://bugzilla.suse.com/1202142", }, { category: "self", summary: "SUSE Bug 1202272", url: "https://bugzilla.suse.com/1202272", }, { category: "self", summary: "SUSE Bug 1202464", url: "https://bugzilla.suse.com/1202464", }, { category: "self", summary: "SUSE Bug 1202728", url: "https://bugzilla.suse.com/1202728", }, { category: "self", summary: "SUSE Bug 1203287", url: "https://bugzilla.suse.com/1203287", }, { category: "self", summary: "SUSE Bug 1203288", url: "https://bugzilla.suse.com/1203288", }, { category: "self", summary: "SUSE Bug 1203449", url: "https://bugzilla.suse.com/1203449", }, { category: "self", summary: "SUSE CVE CVE-2021-41411 page", url: "https://www.suse.com/security/cve/CVE-2021-41411/", }, { category: "self", summary: "SUSE CVE CVE-2021-42740 page", url: "https://www.suse.com/security/cve/CVE-2021-42740/", }, { category: "self", summary: "SUSE CVE CVE-2021-43138 page", url: "https://www.suse.com/security/cve/CVE-2021-43138/", }, { category: "self", summary: "SUSE CVE CVE-2022-31129 page", url: "https://www.suse.com/security/cve/CVE-2022-31129/", }, ], title: "Security update for SUSE Manager Server 4.2", tracking: { current_release_date: "2022-09-19T15:38:45Z", generator: { date: "2022-09-19T15:38:45Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3314-1", initial_release_date: "2022-09-19T15:38:45Z", revision_history: [ { date: "2022-09-19T15:38:45Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150300.8.22.2.aarch64", product: { name: "inter-server-sync-0.2.3-150300.8.22.2.aarch64", product_id: "inter-server-sync-0.2.3-150300.8.22.2.aarch64", }, }, { category: "product_version", name: "patterns-suma_proxy-4.2-150300.4.12.2.aarch64", product: { name: "patterns-suma_proxy-4.2-150300.4.12.2.aarch64", product_id: "patterns-suma_proxy-4.2-150300.4.12.2.aarch64", }, }, { category: "product_version", name: "patterns-suma_retail-4.2-150300.4.12.2.aarch64", product: { name: "patterns-suma_retail-4.2-150300.4.12.2.aarch64", product_id: "patterns-suma_retail-4.2-150300.4.12.2.aarch64", }, }, { category: "product_version", name: "patterns-suma_server-4.2-150300.4.12.2.aarch64", product: { name: "patterns-suma_server-4.2-150300.4.12.2.aarch64", product_id: "patterns-suma_server-4.2-150300.4.12.2.aarch64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64", product: { name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64", product_id: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64", product: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64", product_id: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64", }, }, { category: "product_version", name: "susemanager-4.2.37-150300.3.41.1.aarch64", product: { name: "susemanager-4.2.37-150300.3.41.1.aarch64", product_id: "susemanager-4.2.37-150300.3.41.1.aarch64", }, }, { category: "product_version", name: "susemanager-tools-4.2.37-150300.3.41.1.aarch64", product: { name: "susemanager-tools-4.2.37-150300.3.41.1.aarch64", product_id: "susemanager-tools-4.2.37-150300.3.41.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "drools-7.17.0-150300.4.6.2.noarch", product: { name: "drools-7.17.0-150300.4.6.2.noarch", product_id: "drools-7.17.0-150300.4.6.2.noarch", }, }, { category: "product_version", name: "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", product: { name: "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", product_id: "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", }, }, { category: "product_version", name: "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", product: { name: "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", product_id: "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", }, }, { category: "product_version", name: "mgr-daemon-4.2.10-150300.2.9.4.noarch", product: { name: "mgr-daemon-4.2.10-150300.2.9.4.noarch", product_id: "mgr-daemon-4.2.10-150300.2.9.4.noarch", }, }, { category: "product_version", name: "py27-compat-salt-3000.3-150300.7.7.23.2.noarch", product: { name: "py27-compat-salt-3000.3-150300.7.7.23.2.noarch", product_id: "py27-compat-salt-3000.3-150300.7.7.23.2.noarch", }, }, { category: "product_version", name: "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", product: { name: "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", product_id: "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", }, }, { category: "product_version", name: "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", product: { name: "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", product_id: "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", }, }, { category: "product_version", name: "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", product: { name: "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", product_id: "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", product: { name: "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", product_id: "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", }, }, { category: "product_version", name: "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", product: { name: "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", product_id: "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", }, }, { category: "product_version", name: "salt-netapi-client-0.20.0-150300.3.9.4.noarch", product: { name: "salt-netapi-client-0.20.0-150300.3.9.4.noarch", product_id: "salt-netapi-client-0.20.0-150300.3.9.4.noarch", }, }, { category: "product_version", name: "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch", product: { name: "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch", product_id: "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch", }, }, { category: "product_version", name: "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", product: { name: "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", product_id: "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", }, }, { category: "product_version", name: "spacecmd-4.2.19-150300.4.27.2.noarch", product: { name: "spacecmd-4.2.19-150300.4.27.2.noarch", product_id: "spacecmd-4.2.19-150300.4.27.2.noarch", }, }, { category: "product_version", name: "spacewalk-admin-4.2.12-150300.3.15.3.noarch", product: { name: "spacewalk-admin-4.2.12-150300.3.15.3.noarch", product_id: "spacewalk-admin-4.2.12-150300.3.15.3.noarch", }, }, { category: "product_version", name: "spacewalk-backend-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", product: { name: "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", product_id: "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", }, }, { category: "product_version", name: "spacewalk-base-4.2.29-150300.3.27.3.noarch", product: { name: "spacewalk-base-4.2.29-150300.3.27.3.noarch", product_id: "spacewalk-base-4.2.29-150300.3.27.3.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", product: { name: "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", product_id: "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", product: { name: "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", product_id: "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", }, }, { category: "product_version", name: "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", product: { name: "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", product_id: "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", }, }, { category: "product_version", name: "spacewalk-check-4.2.20-150300.4.24.3.noarch", product: { name: "spacewalk-check-4.2.20-150300.4.24.3.noarch", product_id: "spacewalk-check-4.2.20-150300.4.24.3.noarch", }, }, { category: "product_version", name: "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", product: { name: "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", product_id: "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", }, }, { category: "product_version", name: "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", product: { name: "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", product_id: "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", }, }, { category: "product_version", name: "spacewalk-dobby-4.2.29-150300.3.27.3.noarch", product: { name: "spacewalk-dobby-4.2.29-150300.3.27.3.noarch", product_id: "spacewalk-dobby-4.2.29-150300.3.27.3.noarch", }, }, { category: "product_version", name: "spacewalk-html-4.2.29-150300.3.27.3.noarch", product: { name: "spacewalk-html-4.2.29-150300.3.27.3.noarch", product_id: "spacewalk-html-4.2.29-150300.3.27.3.noarch", }, }, { category: "product_version", name: "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch", product: { name: "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch", product_id: "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch", }, }, { category: "product_version", name: "spacewalk-java-4.2.41-150300.3.43.5.noarch", product: { name: "spacewalk-java-4.2.41-150300.3.43.5.noarch", product_id: "spacewalk-java-4.2.41-150300.3.43.5.noarch", }, }, { category: "product_version", name: "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch", product: { name: "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch", product_id: "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch", }, }, { category: "product_version", name: "spacewalk-java-config-4.2.41-150300.3.43.5.noarch", product: { name: "spacewalk-java-config-4.2.41-150300.3.43.5.noarch", product_id: "spacewalk-java-config-4.2.41-150300.3.43.5.noarch", }, }, { category: "product_version", name: "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", product: { name: "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", product_id: "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", }, }, { category: "product_version", name: "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", product: { name: "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", product_id: "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", product: { name: "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", product_id: "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", product: { name: "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", product_id: "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", product: { name: "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", product_id: "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", product: { name: "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", product_id: "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", product: { name: "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", product_id: "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", }, }, { category: "product_version", name: "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", product: { name: "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", product_id: "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", }, }, { category: "product_version", name: "spacewalk-search-4.2.8-150300.3.12.2.noarch", product: { name: "spacewalk-search-4.2.8-150300.3.12.2.noarch", product_id: "spacewalk-search-4.2.8-150300.3.12.2.noarch", }, }, { category: "product_version", name: "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", product: { name: "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", product_id: "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", }, }, { category: "product_version", name: "subscription-matcher-0.29-150300.6.12.2.noarch", product: { name: "subscription-matcher-0.29-150300.6.12.2.noarch", product_id: "subscription-matcher-0.29-150300.6.12.2.noarch", }, }, { category: "product_version", name: "susemanager-doc-indexes-4.2-150300.12.33.4.noarch", product: { name: "susemanager-doc-indexes-4.2-150300.12.33.4.noarch", product_id: "susemanager-doc-indexes-4.2-150300.12.33.4.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-4.2-150300.12.33.2.noarch", product: { name: "susemanager-docs_en-4.2-150300.12.33.2.noarch", product_id: "susemanager-docs_en-4.2-150300.12.33.2.noarch", }, }, { category: "product_version", name: "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", product: { name: "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", product_id: "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", }, }, { category: "product_version", name: "susemanager-schema-4.2.24-150300.3.27.3.noarch", product: { name: "susemanager-schema-4.2.24-150300.3.27.3.noarch", product_id: "susemanager-schema-4.2.24-150300.3.27.3.noarch", }, }, { category: "product_version", name: "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch", product: { name: "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch", product_id: "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch", }, }, { category: "product_version", name: "susemanager-sls-4.2.27-150300.3.33.4.noarch", product: { name: "susemanager-sls-4.2.27-150300.3.33.4.noarch", product_id: "susemanager-sls-4.2.27-150300.3.33.4.noarch", }, }, { category: "product_version", name: "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", product: { name: "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", product_id: "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", }, }, { category: "product_version", name: "uyuni-config-modules-4.2.27-150300.3.33.4.noarch", product: { name: "uyuni-config-modules-4.2.27-150300.3.33.4.noarch", product_id: "uyuni-config-modules-4.2.27-150300.3.33.4.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150300.8.22.2.ppc64le", product: { name: "inter-server-sync-0.2.3-150300.8.22.2.ppc64le", product_id: "inter-server-sync-0.2.3-150300.8.22.2.ppc64le", }, }, { category: "product_version", name: "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le", product: { name: "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le", product_id: "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le", }, }, { category: "product_version", name: "patterns-suma_retail-4.2-150300.4.12.2.ppc64le", product: { name: "patterns-suma_retail-4.2-150300.4.12.2.ppc64le", product_id: "patterns-suma_retail-4.2-150300.4.12.2.ppc64le", }, }, { category: "product_version", name: "patterns-suma_server-4.2-150300.4.12.2.ppc64le", product: { name: "patterns-suma_server-4.2-150300.4.12.2.ppc64le", product_id: "patterns-suma_server-4.2-150300.4.12.2.ppc64le", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", product: { name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", product_id: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", product: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", product_id: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", }, }, { category: "product_version", name: "susemanager-4.2.37-150300.3.41.1.ppc64le", product: { name: "susemanager-4.2.37-150300.3.41.1.ppc64le", product_id: "susemanager-4.2.37-150300.3.41.1.ppc64le", }, }, { category: "product_version", name: "susemanager-tools-4.2.37-150300.3.41.1.ppc64le", product: { name: "susemanager-tools-4.2.37-150300.3.41.1.ppc64le", product_id: "susemanager-tools-4.2.37-150300.3.41.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150300.8.22.2.s390x", product: { name: "inter-server-sync-0.2.3-150300.8.22.2.s390x", product_id: "inter-server-sync-0.2.3-150300.8.22.2.s390x", }, }, { category: "product_version", name: "patterns-suma_proxy-4.2-150300.4.12.2.s390x", product: { name: "patterns-suma_proxy-4.2-150300.4.12.2.s390x", product_id: "patterns-suma_proxy-4.2-150300.4.12.2.s390x", }, }, { category: "product_version", name: "patterns-suma_retail-4.2-150300.4.12.2.s390x", product: { name: "patterns-suma_retail-4.2-150300.4.12.2.s390x", product_id: "patterns-suma_retail-4.2-150300.4.12.2.s390x", }, }, { category: "product_version", name: "patterns-suma_server-4.2-150300.4.12.2.s390x", product: { name: "patterns-suma_server-4.2-150300.4.12.2.s390x", product_id: "patterns-suma_server-4.2-150300.4.12.2.s390x", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", product: { name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", product_id: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", product: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", product_id: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", }, }, { category: "product_version", name: "susemanager-4.2.37-150300.3.41.1.s390x", product: { name: "susemanager-4.2.37-150300.3.41.1.s390x", product_id: "susemanager-4.2.37-150300.3.41.1.s390x", }, }, { category: "product_version", name: "susemanager-tools-4.2.37-150300.3.41.1.s390x", product: { name: "susemanager-tools-4.2.37-150300.3.41.1.s390x", product_id: "susemanager-tools-4.2.37-150300.3.41.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "inter-server-sync-0.2.3-150300.8.22.2.x86_64", product: { name: "inter-server-sync-0.2.3-150300.8.22.2.x86_64", product_id: "inter-server-sync-0.2.3-150300.8.22.2.x86_64", }, }, { category: "product_version", name: "patterns-suma_proxy-4.2-150300.4.12.2.x86_64", product: { name: "patterns-suma_proxy-4.2-150300.4.12.2.x86_64", product_id: "patterns-suma_proxy-4.2-150300.4.12.2.x86_64", }, }, { category: "product_version", name: "patterns-suma_retail-4.2-150300.4.12.2.x86_64", product: { name: "patterns-suma_retail-4.2-150300.4.12.2.x86_64", product_id: "patterns-suma_retail-4.2-150300.4.12.2.x86_64", }, }, { category: "product_version", name: "patterns-suma_server-4.2-150300.4.12.2.x86_64", product: { name: "patterns-suma_server-4.2-150300.4.12.2.x86_64", product_id: "patterns-suma_server-4.2-150300.4.12.2.x86_64", }, }, { category: "product_version", name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", product: { name: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", product_id: "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", }, }, { category: "product_version", name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", product: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", product_id: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", }, }, { category: "product_version", name: "susemanager-4.2.37-150300.3.41.1.x86_64", product: { name: "susemanager-4.2.37-150300.3.41.1.x86_64", product_id: "susemanager-4.2.37-150300.3.41.1.x86_64", }, }, { category: "product_version", name: "susemanager-tools-4.2.37-150300.3.41.1.x86_64", product: { name: "susemanager-tools-4.2.37-150300.3.41.1.x86_64", product_id: "susemanager-tools-4.2.37-150300.3.41.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Proxy Module 4.2", product: { name: "SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-proxy:4.2", }, }, }, { category: "product_name", name: "SUSE Manager Server Module 4.2", product: { name: "SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-server:4.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mgr-daemon-4.2.10-150300.2.9.4.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", }, product_reference: "mgr-daemon-4.2.10-150300.2.9.4.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "patterns-suma_proxy-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", }, product_reference: "patterns-suma_proxy-4.2-150300.4.12.2.x86_64", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", }, product_reference: "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", }, product_reference: "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", }, product_reference: "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", }, product_reference: "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", }, product_reference: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.19-150300.4.27.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", }, product_reference: "spacecmd-4.2.19-150300.4.27.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", }, product_reference: "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", }, product_reference: "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", }, product_reference: "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-check-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", }, product_reference: "spacewalk-check-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", }, product_reference: "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", }, product_reference: "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", }, product_reference: "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", }, product_reference: "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", }, product_reference: "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", }, product_reference: "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", }, product_reference: "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", }, product_reference: "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch as component of SUSE Manager Proxy Module 4.2", product_id: "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", }, product_reference: "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", relates_to_product_reference: "SUSE Manager Proxy Module 4.2", }, { category: "default_component_of", full_product_name: { name: "drools-7.17.0-150300.4.6.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", }, product_reference: "drools-7.17.0-150300.4.6.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", }, product_reference: "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", }, product_reference: "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.3-150300.8.22.2.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", }, product_reference: "inter-server-sync-0.2.3-150300.8.22.2.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.3-150300.8.22.2.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", }, product_reference: "inter-server-sync-0.2.3-150300.8.22.2.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "inter-server-sync-0.2.3-150300.8.22.2.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", }, product_reference: "inter-server-sync-0.2.3-150300.8.22.2.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "patterns-suma_retail-4.2-150300.4.12.2.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", }, product_reference: "patterns-suma_retail-4.2-150300.4.12.2.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "patterns-suma_retail-4.2-150300.4.12.2.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", }, product_reference: "patterns-suma_retail-4.2-150300.4.12.2.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "patterns-suma_retail-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", }, product_reference: "patterns-suma_retail-4.2-150300.4.12.2.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "patterns-suma_server-4.2-150300.4.12.2.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", }, product_reference: "patterns-suma_server-4.2-150300.4.12.2.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "patterns-suma_server-4.2-150300.4.12.2.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", }, product_reference: "patterns-suma_server-4.2-150300.4.12.2.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "patterns-suma_server-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", }, product_reference: "patterns-suma_server-4.2-150300.4.12.2.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "py27-compat-salt-3000.3-150300.7.7.23.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", }, product_reference: "py27-compat-salt-3000.3-150300.7.7.23.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", }, product_reference: "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", }, product_reference: "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", }, product_reference: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", }, product_reference: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", }, product_reference: "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "salt-netapi-client-0.20.0-150300.3.9.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", }, product_reference: "salt-netapi-client-0.20.0-150300.3.9.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", }, product_reference: "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacecmd-4.2.19-150300.4.27.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", }, product_reference: "spacecmd-4.2.19-150300.4.27.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-admin-4.2.12-150300.3.15.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", }, product_reference: "spacewalk-admin-4.2.12-150300.3.15.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", }, product_reference: "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", }, product_reference: "spacewalk-base-4.2.29-150300.3.27.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", }, product_reference: "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", }, product_reference: "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", }, product_reference: "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", }, product_reference: "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-html-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", }, product_reference: "spacewalk-html-4.2.29-150300.3.27.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", }, product_reference: "spacewalk-java-4.2.41-150300.3.43.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-config-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", }, product_reference: "spacewalk-java-config-4.2.41-150300.3.43.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", }, product_reference: "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", }, product_reference: "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-search-4.2.8-150300.3.12.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", }, product_reference: "spacewalk-search-4.2.8-150300.3.12.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", }, product_reference: "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "subscription-matcher-0.29-150300.6.12.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", }, product_reference: "subscription-matcher-0.29-150300.6.12.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.2.37-150300.3.41.1.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", }, product_reference: "susemanager-4.2.37-150300.3.41.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.2.37-150300.3.41.1.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", }, product_reference: "susemanager-4.2.37-150300.3.41.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.2.37-150300.3.41.1.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", }, product_reference: "susemanager-4.2.37-150300.3.41.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-doc-indexes-4.2-150300.12.33.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", }, product_reference: "susemanager-doc-indexes-4.2-150300.12.33.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-4.2-150300.12.33.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", }, product_reference: "susemanager-docs_en-4.2-150300.12.33.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", }, product_reference: "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-schema-4.2.24-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", }, product_reference: "susemanager-schema-4.2.24-150300.3.27.3.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-sls-4.2.27-150300.3.33.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", }, product_reference: "susemanager-sls-4.2.27-150300.3.33.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.2.37-150300.3.41.1.ppc64le as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", }, product_reference: "susemanager-tools-4.2.37-150300.3.41.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.2.37-150300.3.41.1.s390x as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", }, product_reference: "susemanager-tools-4.2.37-150300.3.41.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.2.37-150300.3.41.1.x86_64 as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", }, product_reference: "susemanager-tools-4.2.37-150300.3.41.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, { category: "default_component_of", full_product_name: { name: "uyuni-config-modules-4.2.27-150300.3.33.4.noarch as component of SUSE Manager Server Module 4.2", product_id: "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", }, product_reference: "uyuni-config-modules-4.2.27-150300.3.33.4.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-41411", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41411", }, ], notes: [ { category: "general", text: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-41411", url: "https://www.suse.com/security/cve/CVE-2021-41411", }, { category: "external", summary: "SUSE Bug 1200629 for CVE-2021-41411", url: "https://bugzilla.suse.com/1200629", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:38:45Z", details: "important", }, ], title: "CVE-2021-41411", }, { cve: "CVE-2021-42740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-42740", }, ], notes: [ { category: "general", text: "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-42740", url: "https://www.suse.com/security/cve/CVE-2021-42740", }, { category: "external", summary: "SUSE Bug 1203287 for CVE-2021-42740", url: "https://bugzilla.suse.com/1203287", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:38:45Z", details: "critical", }, ], title: "CVE-2021-42740", }, { cve: "CVE-2021-43138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43138", }, ], notes: [ { category: "general", text: "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43138", url: "https://www.suse.com/security/cve/CVE-2021-43138", }, { category: "external", summary: "SUSE Bug 1200480 for CVE-2021-43138", url: "https://bugzilla.suse.com/1200480", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:38:45Z", details: "important", }, ], title: "CVE-2021-43138", }, { cve: "CVE-2022-31129", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31129", }, ], notes: [ { category: "general", text: "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-31129", url: "https://www.suse.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "SUSE Bug 1203288 for CVE-2022-31129", url: "https://bugzilla.suse.com/1203288", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch", "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64", "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch", "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch", "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch", "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x", "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x", "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64", "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x", "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64", "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch", "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch", "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch", "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch", "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch", "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x", "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64", "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:38:45Z", details: "important", }, ], title: "CVE-2022-31129", }, ], }
suse-su-2022:3761-1
Vulnerability from csaf_suse
Published
2022-10-26 08:58
Modified
2022-10-26 08:58
Summary
Security update for release-notes-susemanager, release-notes-susemanager-proxy
Notes
Title of the patch
Security update for release-notes-susemanager, release-notes-susemanager-proxy
Description of the patch
This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:
Release notes for SUSE Manager:
- Update to SUSE Manager 4.3.2
* Containerized proxy and RBS are now fully supported
* HTTP API is now fully supported
* Ubuntu 22.04 is now supported as a client
* Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support
* pip support has been added for the Salt Bundle
* Prometheus exporter for Apache has been upgraded to 0.10.0
* CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129
* Bugs mentioned:
bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168
bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629
bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753
bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272
bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728
bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049
bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385
bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484
bsc#1203564, bsc#1203585, bsc#1203611
Release notes for SUSE Manager Proxy:
- Update to SUSE Manager 4.3.2
* Containerized proxy and RBS are now fully supported
* CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129
* Bugs mentioned:
bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788
bsc#1203287, bsc#1203288, bsc#1203585
Patchnames
SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for release-notes-susemanager, release-notes-susemanager-proxy", title: "Title of the patch", }, { category: "description", text: "This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:\n\nRelease notes for SUSE Manager:\n\n- Update to SUSE Manager 4.3.2\n * Containerized proxy and RBS are now fully supported\n * HTTP API is now fully supported\n * Ubuntu 22.04 is now supported as a client\n * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support\n * pip support has been added for the Salt Bundle \n * Prometheus exporter for Apache has been upgraded to 0.10.0\n * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129\n * Bugs mentioned:\n bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168\n bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629\n bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753\n bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272\n bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728\n bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049\n bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385\n bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484\n bsc#1203564, bsc#1203585, bsc#1203611 \n\nRelease notes for SUSE Manager Proxy:\n\n- Update to SUSE Manager 4.3.2\n * Containerized proxy and RBS are now fully supported\n * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129\n * Bugs mentioned:\n bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788\n bsc#1203287, bsc#1203288, bsc#1203585 \n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3761-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3761-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3761-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html", }, { category: "self", summary: "SUSE Bug 1191857", url: "https://bugzilla.suse.com/1191857", }, { category: "self", summary: "SUSE Bug 1195624", url: "https://bugzilla.suse.com/1195624", }, { category: "self", summary: "SUSE Bug 1196729", url: "https://bugzilla.suse.com/1196729", }, { category: "self", summary: "SUSE Bug 1197027", url: "https://bugzilla.suse.com/1197027", }, { category: "self", summary: "SUSE Bug 1198168", url: "https://bugzilla.suse.com/1198168", }, { category: "self", summary: "SUSE Bug 1198903", url: "https://bugzilla.suse.com/1198903", }, { category: "self", summary: "SUSE Bug 1199726", url: "https://bugzilla.suse.com/1199726", }, { category: "self", summary: "SUSE Bug 1200480", url: "https://bugzilla.suse.com/1200480", }, { category: "self", summary: "SUSE Bug 1200573", url: "https://bugzilla.suse.com/1200573", }, { category: "self", summary: "SUSE Bug 1200629", url: "https://bugzilla.suse.com/1200629", }, { category: "self", summary: "SUSE Bug 1201210", url: "https://bugzilla.suse.com/1201210", }, { category: "self", summary: "SUSE Bug 1201220", url: "https://bugzilla.suse.com/1201220", }, { category: "self", summary: "SUSE Bug 1201260", url: "https://bugzilla.suse.com/1201260", }, { category: "self", summary: "SUSE Bug 1201589", url: "https://bugzilla.suse.com/1201589", }, { category: "self", summary: "SUSE Bug 1201626", url: "https://bugzilla.suse.com/1201626", }, { category: "self", summary: "SUSE Bug 1201753", url: "https://bugzilla.suse.com/1201753", }, { category: "self", summary: "SUSE Bug 1201788", url: "https://bugzilla.suse.com/1201788", }, { category: "self", summary: "SUSE Bug 1201913", url: "https://bugzilla.suse.com/1201913", }, { category: "self", summary: "SUSE Bug 1201918", url: "https://bugzilla.suse.com/1201918", }, { category: "self", summary: "SUSE Bug 1202271", url: "https://bugzilla.suse.com/1202271", }, { category: "self", summary: "SUSE Bug 1202272", url: "https://bugzilla.suse.com/1202272", }, { category: "self", summary: "SUSE Bug 1202367", url: "https://bugzilla.suse.com/1202367", }, { category: "self", summary: "SUSE Bug 1202455", url: "https://bugzilla.suse.com/1202455", }, { category: "self", summary: "SUSE Bug 1202464", url: "https://bugzilla.suse.com/1202464", }, { category: "self", summary: "SUSE Bug 1202602", url: "https://bugzilla.suse.com/1202602", }, { category: "self", summary: "SUSE Bug 1202728", url: "https://bugzilla.suse.com/1202728", }, { category: "self", summary: "SUSE Bug 1202729", url: "https://bugzilla.suse.com/1202729", }, { category: "self", summary: "SUSE Bug 1202805", url: "https://bugzilla.suse.com/1202805", }, { category: "self", summary: "SUSE Bug 1202899", url: "https://bugzilla.suse.com/1202899", }, { category: "self", summary: "SUSE Bug 1203026", url: "https://bugzilla.suse.com/1203026", }, { category: "self", summary: "SUSE Bug 1203049", url: "https://bugzilla.suse.com/1203049", }, { category: "self", summary: "SUSE Bug 1203056", url: "https://bugzilla.suse.com/1203056", }, { category: "self", summary: "SUSE Bug 1203169", url: "https://bugzilla.suse.com/1203169", }, { category: "self", summary: "SUSE Bug 1203287", url: "https://bugzilla.suse.com/1203287", }, { category: "self", summary: "SUSE Bug 1203288", url: "https://bugzilla.suse.com/1203288", }, { category: "self", summary: "SUSE Bug 1203385", url: "https://bugzilla.suse.com/1203385", }, { category: "self", summary: "SUSE Bug 1203406", url: "https://bugzilla.suse.com/1203406", }, { category: "self", summary: "SUSE Bug 1203422", url: "https://bugzilla.suse.com/1203422", }, { category: "self", summary: "SUSE Bug 1203449", url: "https://bugzilla.suse.com/1203449", }, { category: "self", summary: "SUSE Bug 1203478", url: "https://bugzilla.suse.com/1203478", }, { category: "self", summary: "SUSE Bug 1203484", url: "https://bugzilla.suse.com/1203484", }, { category: "self", summary: "SUSE Bug 1203564", url: "https://bugzilla.suse.com/1203564", }, { category: "self", summary: "SUSE Bug 1203585", url: "https://bugzilla.suse.com/1203585", }, { category: "self", summary: "SUSE Bug 1203611", url: "https://bugzilla.suse.com/1203611", }, { category: "self", summary: "SUSE CVE CVE-2021-41411 page", url: "https://www.suse.com/security/cve/CVE-2021-41411/", }, { category: "self", summary: "SUSE CVE CVE-2021-42740 page", url: "https://www.suse.com/security/cve/CVE-2021-42740/", }, { category: "self", summary: "SUSE CVE CVE-2021-43138 page", url: "https://www.suse.com/security/cve/CVE-2021-43138/", }, { category: "self", summary: "SUSE CVE CVE-2022-0860 page", url: "https://www.suse.com/security/cve/CVE-2022-0860/", }, { category: "self", summary: "SUSE CVE CVE-2022-31129 page", url: "https://www.suse.com/security/cve/CVE-2022-31129/", }, ], title: "Security update for release-notes-susemanager, release-notes-susemanager-proxy", tracking: { current_release_date: "2022-10-26T08:58:54Z", generator: { date: "2022-10-26T08:58:54Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3761-1", initial_release_date: "2022-10-26T08:58:54Z", revision_history: [ { date: "2022-10-26T08:58:54Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64", product: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64", product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64", product: { name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64", product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.2-150400.3.15.1.i586", product: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.i586", product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.i586", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586", product: { name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586", product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", product: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le", product: { name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le", product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x", product: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x", product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x", product: { name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x", product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", product: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", product: { name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Proxy 4.3", product: { name: "SUSE Manager Proxy 4.3", product_id: "SUSE Manager Proxy 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.3", }, }, }, { category: "product_name", name: "SUSE Manager Retail Branch Server 4.3", product: { name: "SUSE Manager Retail Branch Server 4.3", product_id: "SUSE Manager Retail Branch Server 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-retail-branch-server:4.3", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.3", product: { name: "SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Proxy 4.3", product_id: "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", }, product_reference: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.3", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Retail Branch Server 4.3", product_id: "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", }, product_reference: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.3", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", }, product_reference: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", }, product_reference: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", }, product_reference: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-41411", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41411", }, ], notes: [ { category: "general", text: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41411", url: "https://www.suse.com/security/cve/CVE-2021-41411", }, { category: "external", summary: "SUSE Bug 1200629 for CVE-2021-41411", url: "https://bugzilla.suse.com/1200629", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T08:58:54Z", details: "important", }, ], title: "CVE-2021-41411", }, { cve: "CVE-2021-42740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-42740", }, ], notes: [ { category: "general", text: "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-42740", url: "https://www.suse.com/security/cve/CVE-2021-42740", }, { category: "external", summary: "SUSE Bug 1203287 for CVE-2021-42740", url: "https://bugzilla.suse.com/1203287", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T08:58:54Z", details: "critical", }, ], title: "CVE-2021-42740", }, { cve: "CVE-2021-43138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43138", }, ], notes: [ { category: "general", text: "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43138", url: "https://www.suse.com/security/cve/CVE-2021-43138", }, { category: "external", summary: "SUSE Bug 1200480 for CVE-2021-43138", url: "https://bugzilla.suse.com/1200480", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T08:58:54Z", details: "important", }, ], title: "CVE-2021-43138", }, { cve: "CVE-2022-0860", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-0860", }, ], notes: [ { category: "general", text: "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-0860", url: "https://www.suse.com/security/cve/CVE-2022-0860", }, { category: "external", summary: "SUSE Bug 1197027 for CVE-2022-0860", url: "https://bugzilla.suse.com/1197027", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T08:58:54Z", details: "important", }, ], title: "CVE-2022-0860", }, { cve: "CVE-2022-31129", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31129", }, ], notes: [ { category: "general", text: "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-31129", url: "https://www.suse.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "SUSE Bug 1203288 for CVE-2022-31129", url: "https://bugzilla.suse.com/1203288", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x", "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-10-26T08:58:54Z", details: "important", }, ], title: "CVE-2022-31129", }, ], }
suse-su-2022:3313-1
Vulnerability from csaf_suse
Published
2022-09-19 15:37
Modified
2022-09-19 15:37
Summary
Security update for release-notes-susemanager, release-notes-susemanager-proxy
Notes
Title of the patch
Security update for release-notes-susemanager, release-notes-susemanager-proxy
Description of the patch
This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:
Release notes for SUSE Manager:
- Update to SUSE:Manager 4.2.9
* Notification about SUSE Manager end-of-life has been added
* CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129, CVE-2021-41411
* Bugs mentioned:
bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895, bsc#1196729
bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903, bsc#1199372
bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276, bsc#1200296
bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591, bsc#1200629
bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220, bsc#1201224
bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626, bsc#1201753
bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272, bsc#1202464
bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449
Release notes for SUSE Manager Proxy:
- Update to SUSE Manager 4.2.9
* CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129
* Bugs mentioned:
bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480, bsc#1200591
bsc#1201142, bsc#1202142, bsc#1202724
Patchnames
SUSE-2022-3313,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3313
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for release-notes-susemanager, release-notes-susemanager-proxy", title: "Title of the patch", }, { category: "description", text: "This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:\n\nRelease notes for SUSE Manager:\n\n- Update to SUSE:Manager 4.2.9\n * Notification about SUSE Manager end-of-life has been added\n * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129, CVE-2021-41411\n * Bugs mentioned:\n bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895, bsc#1196729\n bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903, bsc#1199372\n bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276, bsc#1200296\n bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591, bsc#1200629\n bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220, bsc#1201224\n bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626, bsc#1201753\n bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272, bsc#1202464\n bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449\n\nRelease notes for SUSE Manager Proxy:\n\n- Update to SUSE Manager 4.2.9\n * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129\n * Bugs mentioned:\n bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480, bsc#1200591\n bsc#1201142, bsc#1202142, bsc#1202724\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3313,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3313", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3313-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3313-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223313-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3313-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012289.html", }, { category: "self", summary: "SUSE Bug 1172705", url: "https://bugzilla.suse.com/1172705", }, { category: "self", summary: "SUSE Bug 1187028", url: "https://bugzilla.suse.com/1187028", }, { category: "self", summary: "SUSE Bug 1195455", url: "https://bugzilla.suse.com/1195455", }, { category: "self", summary: "SUSE Bug 1195895", url: "https://bugzilla.suse.com/1195895", }, { category: "self", summary: "SUSE Bug 1196729", url: "https://bugzilla.suse.com/1196729", }, { category: "self", summary: "SUSE Bug 1198168", url: "https://bugzilla.suse.com/1198168", }, { category: "self", summary: "SUSE Bug 1198489", url: "https://bugzilla.suse.com/1198489", }, { category: "self", summary: "SUSE Bug 1198738", url: "https://bugzilla.suse.com/1198738", }, { category: "self", summary: "SUSE Bug 1198903", url: "https://bugzilla.suse.com/1198903", }, { category: "self", summary: "SUSE Bug 1199372", url: "https://bugzilla.suse.com/1199372", }, { category: "self", summary: "SUSE Bug 1199659", url: "https://bugzilla.suse.com/1199659", }, { category: "self", summary: "SUSE Bug 1199913", url: "https://bugzilla.suse.com/1199913", }, { category: "self", summary: "SUSE Bug 1199950", url: "https://bugzilla.suse.com/1199950", }, { category: "self", summary: "SUSE Bug 1200276", url: "https://bugzilla.suse.com/1200276", }, { category: "self", summary: "SUSE Bug 1200296", url: "https://bugzilla.suse.com/1200296", }, { category: "self", summary: "SUSE Bug 1200480", url: "https://bugzilla.suse.com/1200480", }, { category: "self", summary: "SUSE Bug 1200532", url: "https://bugzilla.suse.com/1200532", }, { category: "self", summary: "SUSE Bug 1200573", url: "https://bugzilla.suse.com/1200573", }, { category: "self", summary: "SUSE Bug 1200591", url: "https://bugzilla.suse.com/1200591", }, { category: "self", summary: "SUSE Bug 1200629", url: "https://bugzilla.suse.com/1200629", }, { category: "self", summary: "SUSE Bug 1201142", url: "https://bugzilla.suse.com/1201142", }, { category: "self", summary: "SUSE Bug 1201189", url: "https://bugzilla.suse.com/1201189", }, { category: "self", summary: "SUSE Bug 1201210", url: "https://bugzilla.suse.com/1201210", }, { category: "self", summary: "SUSE Bug 1201220", url: "https://bugzilla.suse.com/1201220", }, { category: "self", summary: "SUSE Bug 1201224", url: "https://bugzilla.suse.com/1201224", }, { category: "self", summary: "SUSE Bug 1201527", url: "https://bugzilla.suse.com/1201527", }, { category: "self", summary: "SUSE Bug 1201606", url: "https://bugzilla.suse.com/1201606", }, { category: "self", summary: "SUSE Bug 1201607", url: "https://bugzilla.suse.com/1201607", }, { category: "self", summary: "SUSE Bug 1201626", url: "https://bugzilla.suse.com/1201626", }, { category: "self", summary: "SUSE Bug 1201753", url: "https://bugzilla.suse.com/1201753", }, { category: "self", summary: "SUSE Bug 1201913", url: "https://bugzilla.suse.com/1201913", }, { category: "self", summary: "SUSE Bug 1201918", url: "https://bugzilla.suse.com/1201918", }, { category: "self", summary: "SUSE Bug 1202142", url: "https://bugzilla.suse.com/1202142", }, { category: "self", summary: "SUSE Bug 1202272", url: "https://bugzilla.suse.com/1202272", }, { category: "self", summary: "SUSE Bug 1202464", url: "https://bugzilla.suse.com/1202464", }, { category: "self", summary: "SUSE Bug 1202724", url: "https://bugzilla.suse.com/1202724", }, { category: "self", summary: "SUSE Bug 1202728", url: "https://bugzilla.suse.com/1202728", }, { category: "self", summary: "SUSE Bug 1203287", url: "https://bugzilla.suse.com/1203287", }, { category: "self", summary: "SUSE Bug 1203288", url: "https://bugzilla.suse.com/1203288", }, { category: "self", summary: "SUSE Bug 1203449", url: "https://bugzilla.suse.com/1203449", }, { category: "self", summary: "SUSE CVE CVE-2021-41411 page", url: "https://www.suse.com/security/cve/CVE-2021-41411/", }, { category: "self", summary: "SUSE CVE CVE-2021-42740 page", url: "https://www.suse.com/security/cve/CVE-2021-42740/", }, { category: "self", summary: "SUSE CVE CVE-2021-43138 page", url: "https://www.suse.com/security/cve/CVE-2021-43138/", }, { category: "self", summary: "SUSE CVE CVE-2022-31129 page", url: "https://www.suse.com/security/cve/CVE-2022-31129/", }, ], title: "Security update for release-notes-susemanager, release-notes-susemanager-proxy", tracking: { current_release_date: "2022-09-19T15:37:27Z", generator: { date: "2022-09-19T15:37:27Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3313-1", initial_release_date: "2022-09-19T15:37:27Z", revision_history: [ { date: "2022-09-19T15:37:27Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64", product: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64", product_id: "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64", product: { name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64", product_id: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.2.9-150300.3.54.1.i586", product: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.i586", product_id: "release-notes-susemanager-4.2.9-150300.3.54.1.i586", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586", product: { name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586", product_id: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", product: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", product_id: "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le", product: { name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le", product_id: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.2.9-150300.3.54.1.s390x", product: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.s390x", product_id: "release-notes-susemanager-4.2.9-150300.3.54.1.s390x", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x", product: { name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x", product_id: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", product: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", product_id: "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", }, }, { category: "product_version", name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", product: { name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", product_id: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Proxy 4.2", product: { name: "SUSE Manager Proxy 4.2", product_id: "SUSE Manager Proxy 4.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.2", }, }, }, { category: "product_name", name: "SUSE Manager Retail Branch Server 4.2", product: { name: "SUSE Manager Retail Branch Server 4.2", product_id: "SUSE Manager Retail Branch Server 4.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-retail-branch-server:4.2", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.2", product: { name: "SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 as component of SUSE Manager Proxy 4.2", product_id: "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", }, product_reference: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.2", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 as component of SUSE Manager Retail Branch Server 4.2", product_id: "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", }, product_reference: "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.2", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", }, product_reference: "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.s390x as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", }, product_reference: "release-notes-susemanager-4.2.9-150300.3.54.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.2", }, { category: "default_component_of", full_product_name: { name: "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2", product_id: "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", }, product_reference: "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-41411", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41411", }, ], notes: [ { category: "general", text: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41411", url: "https://www.suse.com/security/cve/CVE-2021-41411", }, { category: "external", summary: "SUSE Bug 1200629 for CVE-2021-41411", url: "https://bugzilla.suse.com/1200629", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:37:27Z", details: "important", }, ], title: "CVE-2021-41411", }, { cve: "CVE-2021-42740", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-42740", }, ], notes: [ { category: "general", text: "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-42740", url: "https://www.suse.com/security/cve/CVE-2021-42740", }, { category: "external", summary: "SUSE Bug 1203287 for CVE-2021-42740", url: "https://bugzilla.suse.com/1203287", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:37:27Z", details: "critical", }, ], title: "CVE-2021-42740", }, { cve: "CVE-2021-43138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43138", }, ], notes: [ { category: "general", text: "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43138", url: "https://www.suse.com/security/cve/CVE-2021-43138", }, { category: "external", summary: "SUSE Bug 1200480 for CVE-2021-43138", url: "https://bugzilla.suse.com/1200480", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:37:27Z", details: "important", }, ], title: "CVE-2021-43138", }, { cve: "CVE-2022-31129", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-31129", }, ], notes: [ { category: "general", text: "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-31129", url: "https://www.suse.com/security/cve/CVE-2022-31129", }, { category: "external", summary: "SUSE Bug 1203288 for CVE-2022-31129", url: "https://bugzilla.suse.com/1203288", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x", "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-19T15:37:27Z", details: "important", }, ], title: "CVE-2022-31129", }, ], }
ghsa-rc57-9r3x-98cq
Vulnerability from github
Published
2022-06-17 00:01
Modified
2024-07-05 14:26
Severity ?
Summary
XML External Entity Reference in drools
Details
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
{ affected: [ { database_specific: { last_known_affected_version_range: "<= 7.59.0.Final", }, package: { ecosystem: "Maven", name: "org.drools:drools-core", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "7.60.0.Final", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2021-41411", ], database_specific: { cwe_ids: [ "CWE-611", ], github_reviewed: true, github_reviewed_at: "2022-06-17T21:54:41Z", nvd_published_at: "2022-06-16T10:15:00Z", severity: "CRITICAL", }, details: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", id: "GHSA-rc57-9r3x-98cq", modified: "2024-07-05T14:26:30Z", published: "2022-06-17T00:01:28Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-41411", }, { type: "WEB", url: "https://github.com/apache/incubator-kie-drools/pull/3808", }, { type: "PACKAGE", url: "https://github.com/kiegroup/drools", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], summary: "XML External Entity Reference in drools", }
fkie_cve-2021-41411
Vulnerability from fkie_nvd
Published
2022-06-16 10:15
Modified
2024-11-21 06:26
Severity ?
Summary
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/kiegroup/drools/pull/3808 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kiegroup/drools/pull/3808 | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:drools:*:*:*:*:*:*:*:*", matchCriteriaId: "C458C22F-C819-46F2-BF73-C9D0D6AAA2CE", versionEndExcluding: "7.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", }, { lang: "es", value: "drools versiones anteriores a7.59.x incluyéndola, está afectado por una vulnerabilidad de tipo XML External Entity (XXE) en KieModuleMarshaller.java. La clase Validator no es usada correctamente, resultando en una vulnerabilidad de inyección XXE", }, ], id: "CVE-2021-41411", lastModified: "2024-11-21T06:26:13.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-16T10:15:09.007", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kiegroup/drools/pull/3808", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kiegroup/drools/pull/3808", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2021-41411
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-41411", description: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", id: "GSD-2021-41411", references: [ "https://www.suse.com/security/cve/CVE-2021-41411.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-41411", ], details: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", id: "GSD-2021-41411", modified: "2023-12-13T01:23:27.203834Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41411", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kiegroup/drools/pull/3808", refsource: "MISC", url: "https://github.com/kiegroup/drools/pull/3808", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "(,7.59.0.Final]", affected_versions: "All versions up to 7.59.0.final", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2022-06-17", description: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in `KieModuleMarshaller.java`. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", fixed_versions: [ "7.60.0.Final", ], identifier: "CVE-2021-41411", identifiers: [ "GHSA-rc57-9r3x-98cq", "CVE-2021-41411", ], not_impacted: "All versions after 7.59.0.final", package_slug: "maven/org.drools/drools-core", pubdate: "2022-06-17", solution: "Upgrade to version 7.60.0.Final or above.", title: "XML External Entity Reference in drools", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-41411", "https://github.com/kiegroup/drools/pull/3808", "https://github.com/advisories/GHSA-rc57-9r3x-98cq", ], uuid: "2243f435-06bb-43af-b833-8da3ccd76f1c", }, { affected_range: "(,7.6.0)", affected_versions: "All versions before 7.6.0", cvss_v2: "AV:N/AC:L/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-611", "CWE-937", ], date: "2022-06-28", description: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", fixed_versions: [ "7.6.0.Final", ], identifier: "CVE-2021-41411", identifiers: [ "CVE-2021-41411", ], not_impacted: "All versions starting from 7.6.0", package_slug: "maven/org.drools/drools", pubdate: "2022-06-16", solution: "Upgrade to version 7.6.0.Final or above.", title: "Improper Restriction of XML External Entity Reference", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-41411", "https://github.com/kiegroup/drools/pull/3808", ], uuid: "0e5c9d44-dca0-48b8-b569-0a824ec2949f", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:drools:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.6.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41411", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-611", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kiegroup/drools/pull/3808", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kiegroup/drools/pull/3808", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, }, }, lastModifiedDate: "2022-06-28T13:56Z", publishedDate: "2022-06-16T10:15Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.